Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1543740
MD5: 4b9c20965a7f8aba98a722fb311a8de8
SHA1: 1980fe9a40ccb001ba9d34369ea8b5dd550d6a54
SHA256: 60732d59660ca0cc96eba467ebbb4b47c693222ed4a60d15c55d5ff409426777
Tags: exe, user-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to many different domains
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 6212 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4B9C20965A7F8ABA98A722FB311A8DE8)
    • taskkill.exe (PID: 6188 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2932 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2924 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2200 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5000 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 6548 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • taskkill.exe (PID: 2008 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7440 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7504 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7620 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • conhost.exe (PID: 7704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7684 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7748 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6424 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5824 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2352 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308dec56-a9e5-4107-a009-d3ff39bebe95} 5824 "\\.\pipe\gecko-crash-server-pipe.5824" 19a62170d10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7784 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7800 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8064 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25359 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1747b7-9f91-4c38-9d2f-6eda4767631b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1893e96e910 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7372 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1524 -prefMapHandle 4668 -prefsLen 32371 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54f232-a1db-4584-a609-d58d2c4ec88b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1895a838710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.1866585631.000000000153F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
Process Memory Space: file.exe PID: 6212 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

      AV Detection

      Source: file.exe, ReversingLabs: Detection: 47%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.3% probability
      Source: file.exe, Joe Sandbox ML: detected
      Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49754 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49756 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64465 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64471 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64472 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64473 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64475 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:64474 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64479 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64481 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64480 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64482 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.113.102:443 -> 192.168.2.4:50919 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51029 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51030 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51031 version: TLS 1.2
      Source: Binary string: The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: The results that the provider fetched for the query.Retrieves information about a single contextual identity.Unregister a content script registered programmaticallyReturns the value of the overridden new tab page. Read-only.This setting controls whether the document's fonts are used.The name of the provider whose behavior the listener returns.If true, the text in the urlbar will also be selected.Creates a contextual identity with the given data.Details about the contextual identity being created.After which mouse event context menus should popup.Whether to focus the input field and select its contents.Text and icons for up to two notification action buttons.The set of notifications currently in the system.Title of the notification (e.g. sender name for email).A URL to the image thumbnail for image-type notifications.The name of the file inside the profile/profiler directoryGathers the profile data from the current profiling session.The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0081DBBE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008268EE FindFirstFileW,FindClose,0_2_008268EE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0082698F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D076
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D3A9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00829642
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0082979D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00829B2B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00825C97
      Source: firefox.exeMemory has grown: Private usage: 0MB later: 75MB
      Source: unknownNetwork traffic detected: DNS query count 31
      Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
      Source: Joe Sandbox ViewIP Address: 151.101.129.91 151.101.129.91
      Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
      Source: Joe Sandbox ViewIP Address: 34.160.144.191 34.160.144.191
      Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
      Source: unknownTCP traffic detected without corresponding DNS query: 142.250.113.102
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0082CE44
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://pubads.g.doubleclick.net/gampad/*ad**://*.adsafeprotected.com/services/pub**://www.facebook.com/platform/impression.php**://pixel.advertising.com/firefox-etp--autocomplete-popup-separator-colorresource://gre/modules/AddonManager.sys.mjs equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.2014066838.000001894F839000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.2066548636.000001894F77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057531835.000001895C134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2057531835.000001895C134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2066548636.000001894F77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: resource://gre/modules/JSONFile.sys.mjsresource://gre/modules/ExtHandlerService.sys.mjshttps://e.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/URIFixup.sys.mjs@mozilla.org/network/async-stream-copier;1https://poczta.interia.pl/mh/?mailto=%s@mozilla.org/uriloader/dbus-handler-app;1http://www.inbox.lv/rfc2368/?value=%s_injectDefaultProtocolHandlersIfNeededresource://gre/modules/DeferredTask.sys.mjs{33d75835-722f-42c0-89cc-44f328e56a86}extractScheme/fixupChangedProtocol<isDownloadsImprovementsAlreadyMigratedresource://gre/modules/FileUtils.sys.mjshttps://mail.inbox.lv/compose?to=%shttps://mail.yahoo.co.jp/compose/?To=%sCan't invoke URIFixup in the content processhttp://win.mail.ru/cgi-bin/sentmsg?mailto=%s{c6cf88b7-452e-47eb-bdc9-86e3561648ef}resource://gre/modules/JSONFile.sys.mjshandlerSvc fillHandlerInfo: don't know this type@mozilla.org/uriloader/web-handler-app;1resource://gre/modules/FileUtils.sys.mjsnewChannel requires a single object argumentNon-zero amount of bytes must be specified@mozilla.org/intl/converter-input-stream;1https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%spdfjs.previousHandler.alwaysAskBeforeHandling@mozilla.org/uriloader/handler-service;1VALIDATE_DONT_COLLAPSE_WHITESPACESEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLpdfjs.previousHandler.preferredActionhttps://mail.yandex.ru/compose?mailto=%s@mozilla.org/uriloader/handler-service;1First argument should be an nsIInputStream@mozilla.org/network/input-stream-pump;1Must have a source and a callback@mozilla.org/scriptableinputstream;1https://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/Integration.sys.mjshttps://mail.yahoo.co.jp/compose/?To=%s@mozilla.org/network/simple-stream-listener;1 equals www.yahoo.com (Yahoo)
      Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E05B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
      Source: firefox.exe, 0000001C.00000003.2092862807.000001895C415000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2043718314.000001895C414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
      Source: firefox.exe, 0000000D.00000002.1813518257.0000019A71B93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
      Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
      Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
      Source: firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/NetUtil.sys.mjs
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/NetUtil.sys.mjshttp://poczta.
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
      Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
      Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
      Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
      Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
      Source: firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
      Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
      Source: firefox.exe, 0000001C.00000003.2049648533.000001895BB1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
      Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.htmlbrowser.crashReports.unsubmittedCheck.Selected
      Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
      Source: firefox.exe, 0000001C.00000003.2029974559.000001895DDB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045185865.000001895C05E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
      Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
      Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
      Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
      Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
      Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
      Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/stringsp
      Source: firefox.exe, 0000001C.00000003.1995019283.000001895667A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
      Source: firefox.exe, 0000001C.00000003.2069789590.000001895BDAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2047756305.000001895BDAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsjar
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
      Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1824537165.00000D5D62704000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1824745482.00002311B0504000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059937462.000001894FEAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%spdfjs.previousHandler.
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/URIFixup.sys.mjs
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
      Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ebay.com
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790811593.0000019A6F529000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
      Source: firefox.exe, 0000001C.00000003.1916381879.000001895BF1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2036568103.000001894B01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2075902936.000001894B01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2005070380.000001894B013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordshttps
      Source: firefox.exe, 0000001C.00000003.2099072364.000001895B1EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
      Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
      Source: firefox.exe, 0000001C.00000003.2022799235.000001894A0BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
      Source: firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1Failed
      Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1i
      Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1i#
      Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2084220193.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
      Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
      Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabControl
      Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
      Source: firefox.exe, 0000001C.00000003.2073604226.00000189517EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
      Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
      Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
      Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
      Source: firefox.exe, 0000000D.00000002.1809767184.0000019A6F203000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
      Source: firefox.exe, 0000001C.00000003.2002381183.0000018951641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1992060889.0000018951630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1975460679.0000018951630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
      Source: firefox.exe, 0000001C.00000003.2002381183.0000018951641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1992060889.0000018951630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1975460679.0000018951630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
      Source: firefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877964039.000001894F170000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshotsexperiment-apis/aboutConfigPrefs.jsonexperiment-apis/
      Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshotshttps://screenshots.firefox.com/
      Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla/webcompat-reporter
      Source: firefox.exe, 0000001C.00000003.2099236274.000001895B1C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
      Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2022799235.000001894A0BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Use
      Source: firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881a
      Source: firefox.exe, 0000001C.00000003.2051902537.000001895D75F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2012940249.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2039149892.000001894F7B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2051534757.000001895D7AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
      Source: firefox.exe, 0000001C.00000003.2092467473.000001895C4EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
      Source: firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
      Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2042580781.000001895E069000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101094463.00000189581A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072207207.00000189581A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911178538.0000018955F85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1987500115.0000018955F85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/website-translation
      Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
      Source: firefox.exe, 0000001C.00000003.1860500592.000001894EF53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-west-first-party-cookies).
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
      Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A702E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
      Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com
      Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
      Source: firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
      Source: firefox.exe, 0000001C.00000003.2043664365.000001895C425000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
      Source: firefox.exe, 0000001C.00000003.2071663652.000001895A8F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
      Source: firefox.exe, 0000001C.00000003.1992060889.000001895166E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911615292.0000018951672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
      Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
      Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2095605311.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2047045540.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
      Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
      Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
      Source: firefox.exe, 0000001C.00000003.1861127010.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.certificate-transparency.org/what-is-ct
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
      Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
      Source: firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
      Source: firefox.exe, 0000001C.00000003.2073604226.00000189517FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
      Source: firefox.exe, 0000001C.00000003.1912937133.0000018956408000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911648074.0000018951653000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/policies/privacy/
      Source: firefox.exe, 0000001C.00000003.2053727694.000001895BE38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/searchget
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
      Source: firefox.exe, 0000001C.00000003.2093285023.000001895C193000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2044402728.000001895C18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2053489735.000001895C18C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
      Source: firefox.exe, 0000000D.00000002.1808173624.0000019A6EF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1803921378.0000001EEB8BC000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1825024377.000039FCAB304000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2067931283.000001895BEDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2069789590.000001895BDF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
      Source: firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
      Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
      Source: firefox.exe, 0000001C.00000003.1916381879.000001895BF1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
      Source: firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
      Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
      Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
      Source: firefox.exe, 0000001C.00000003.2079297211.000001895E0D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100320975.000001895B161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
      Source: firefox.exe, 0000001C.00000003.2070243027.000001895BB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2095605311.000001895BE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2097446779.000001895BB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
      Source: firefox.exe, 0000001C.00000003.2092622713.000001895C4E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2030314381.000001895C4DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
      Source: firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
      Source: firefox.exe, 0000001C.00000003.1937566753.000001894F894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
      Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/new/
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
      Source: firefox.exe, 0000000F.00000002.1804068215.0000020B28ACB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
      Source: firefox.exe, 0000000D.00000002.1813161249.0000019A71A48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
      Source: firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
      Source: firefox.exe, 0000001C.00000003.2095605311.000001895BE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2100011822.000001895B17D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
      Source: firefox.exe, 0000000D.00000002.1806233700.0000019A6D939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/s
      Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgmodificationTime
      Source: firefox.exe, 0000000D.00000002.1803921378.0000001EEB8BC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgo
      Source: firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
      Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E3AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
      Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
      Source: firefox.exe, 0000001C.00000003.2043664365.000001895C425000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
      Source: firefox.exe, 0000001C.00000003.2043144215.000001895DD3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2014066838.000001894F839000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/
      Source: firefox.exe, 0000001C.00000003.2101699082.00000189568F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2072805139.00000189568E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
      Source: firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
      Source: firefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
      Source: firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com
      Source: firefox.exe, 0000001C.00000003.2084645948.0000018951DD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
      Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account
      Source: firefox.exe, 0000000F.00000002.1804736129.0000020B28B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigD
      Source: firefox.exe, 0000001C.00000003.2053489735.000001895C18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2098839671.000001895BB1D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
      Source: firefox.exe, 0000000B.00000002.1754712241.000001B05CB0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1783060584.000001DDE5AB9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1804511793.0000019A61DB9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.1837723501.00000250A6C47000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.1849983595.000002E42EBA9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdBoolean
      Source: firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdCheckerService:#upda
      Source: firefox.exe, 0000000D.00000002.1810646353.0000019A6F7A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63E83000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63DBA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804736129.0000020B28B84000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B28770000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2086540729.000001894E5B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
      Source: firefox.exe, 0000000D.00000002.1804511793.0000019A61DB9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdOR
      Source: firefox.exe, 0000000D.00000002.1804860653.0000019A62111000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdPO
      Source: firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdThe
      Source: firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/accountservices.sync.log.logger.browsereEditorEnableWrapHackMaskeNewlinesReplace
      Source: firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2066233540.000001895C236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com?
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0082EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0082ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00849576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

      System Summary

      Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
      Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_1d5542a4-3
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081D5EB: CreateFileW,DeviceIoControl,CloseHandle
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00811201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
      Source: C:\Users\user\Desktop\file.exe Code function: String function: 007CF9F2 appears 40 times
      Source: C:\Users\user\Desktop\file.exe Code function: String function: 007D0A30 appears 46 times
      Source: C:\Users\user\Desktop\file.exe Code function: String function: 007B9CB3 appears 31 times
      Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: classification engine Classification label: mal72.troj.evad.winEXE@55/38@69/13
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008237B5 GetLastError,FormatMessageW
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008110BF AdjustTokenPrivileges,CloseHandle
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0082648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
      Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3384:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6424:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1136:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3328:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7448:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:7704:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3848:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2568:120:WilError_03
      Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
      Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
      Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
      Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: firefox.exe, 0000001C.00000003.2071047028.000001895B161000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
      Source: firefox.exe, 0000001C.00000003.2071047028.000001895B1EE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
      Source: file.exe ReversingLabs: Detection: 47%
      Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
      Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
      Source: C:\Windows\System32\conhost.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
      Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308dec56-a9e5-4107-a009-d3ff39bebe95} 5824 "\\.\pipe\gecko-crash-server-pipe.5824" 19a62170d10 socket
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
      Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
      Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
      Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25359 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1747b7-9f91-4c38-9d2f-6eda4767631b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1893e96e910 socket
      Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1524 -prefMapHandle 4668 -prefsLen 32371 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54f232-a1db-4584-a609-d58d2c4ec88b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1895a838710 utility
      Source: C:\Users\user\Desktop\file.exe, Section loaded: wsock32.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: version.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: mpr.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: wininet.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\file.exe, Section loaded: wldp.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: version.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: mpr.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: framedynos.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: dbghelp.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: netutils.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: winsta.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: amsi.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: userenv.dll
      Source: C:\Windows\SysWOW64\taskkill.exe, Section loaded: profapi.dll
      Source: C:\Program Files\Mozilla Firefox\firefox.exe, File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: Binary string: The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: The results that the provider fetched for the query.Retrieves information about a single contextual identity.Unregister a content script registered programmaticallyReturns the value of the overridden new tab page. Read-only.This setting controls whether the document's fonts are used.The name of the provider whose behavior the listener returns.If true, the text in the urlbar will also be selected.Creates a contextual identity with the given data.Details about the contextual identity being created.After which mouse event context menus should popup.Whether to focus the input field and select its contents.Text and icons for up to two notification action buttons.The set of notifications currently in the system.Title of the notification (e.g. sender name for email).A URL to the image thumbnail for image-type notifications.The name of the file inside the profile/profiler directoryGathers the profile data from the current profiling session.The name of the library's debug file. For example, 'xul.pdb source: firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmp
      Source: file.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: file.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: file.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: file.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: file.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B42DE
      Source: gmpopenh264.dll.tmp.28.dr, Static PE information: section name: .rodata
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007D0A76 push ecx; ret 0_2_007D0A89
      Source: C:\Program Files\Mozilla Firefox\firefox.exe, File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
      Source: C:\Program Files\Mozilla Firefox\firefox.exe, File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_007CF98E
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00841C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00841C41
      Source: C:\Users\user\Desktop\file.exe, Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\taskkill.exe, Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\file.exe, Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-95304)
      Source: C:\Users\user\Desktop\file.exe, API coverage: 3.5 %
      Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0081DBBE
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_008268EE FindFirstFileW,FindClose,0_2_008268EE
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0082698F
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D076
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D3A9
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00829642
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0082979D
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00829B2B
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00825C97
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B42DE
      Source: firefox.exe, 0000000D.00000002.1805552874.0000019A63DE4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1805552874.0000019A63DB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B287A8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803795576.0000020B2877A000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
      Source: firefox.exe, 0000000D.00000002.1806510380.0000019A6DAA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804833476.0000020B28C19000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
      Source: firefox.exe, 0000000F.00000002.1803795576.0000020B2877A000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAWpMz(
      Source: firefox.exe, 0000000F.00000002.1803795576.0000020B287A8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1805115662.0000020B29040000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\file.exe, Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0082EAA2 BlockInput,0_2_0082EAA2
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007E2622
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B42DE
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007D4CE8 mov eax, dword ptr fs:[00000030h] 0_2_007D4CE8
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00810B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00810B62
      Source: C:\Windows\SysWOW64\taskkill.exe, Process token adjusted: Debug
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007E2622
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007D083F
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007D09D5 SetUnhandledExceptionFilter,0_2_007D09D5
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_007D0C21
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00811201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00811201
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_007F2BA5
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0081B226 SendInput,keybd_event,0_2_0081B226
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_008322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_008322DA
      Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
      Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
      Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
      Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
      Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00810B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00810B62
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00811663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00811663
      Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
      Source: file.exe, Binary or memory string: Shell_TrayWnd
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007D0698 cpuid 0_2_007D0698
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00828195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00828195
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0080D27A GetUserNameW,0_2_0080D27A
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007EBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_007EBB6F
      Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B42DE
      Source: C:\Windows\SysWOW64\taskkill.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

      Stealing of Sensitive Information

      Source: Yara match, File source: 00000000.00000003.1866585631.000000000153F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match, File source: Process Memory Space: file.exe PID: 6212, type: MEMORYSTR
      Source: file.exe, Binary or memory string: WIN_81
      Source: file.exe, Binary or memory string: WIN_XP
      Source: file.exe, 00000000.00000000.1688990080.0000000000872000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
      Source: file.exeBinary or memory string: WIN_XPe
      Source: file.exeBinary or memory string: WIN_VISTA
      Source: file.exeBinary or memory string: WIN_7
      Source: file.exeBinary or memory string: WIN_8

      Remote Access Functionality

      Source: Yara match File source: 00000000.00000003.1866585631.000000000153F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: file.exe PID: 6212, type: MEMORYSTR
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00831204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00831204
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00831806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00831806

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

      [Behavior graph: ID 1543740, sample file.exe, start date 28/10/2024, architecture WINDOWS, score 72]

      Source | Detection | Scanner | Label | Link
      file.exe | 47% | ReversingLabs | Win32.Trojan.CredentialFlusher
      file.exe | 100% | Joe Sandbox ML

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs
      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs
      No Antivirus matches
      No Antivirus matches
                                                                                          unknown
                                                                                          https://youtube.com?firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2066233540.000001895C236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000D.00000002.1807513285.0000019A6E33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877832023.000001894F1CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1980968302.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2095605311.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920985799.000001895C233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2047045540.000001895BE46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1920444215.000001895C233000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://profiler.firefox.com/firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://www.msn.comfirefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://ac.duckduckgo.com/ac/getfirefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000D.00000003.1788423626.0000019A71D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787444831.0000019A71B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1813059467.0000019A71970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788221967.0000019A71D5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787633340.0000019A71D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788058802.0000019A71D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1877964039.000001894F170000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2059441921.000001895C700000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://exslt.org/setsfirefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94firefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      http://src.chromium.org/viewvc/chrome/trunk/src/third_party/cld/languages/internal/languages.ccfirefox.exe, 0000001C.00000003.1861243377.000001894F16A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1861171622.000001894F15D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000001C.00000003.1937180303.000001894F89C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 0000000D.00000002.1807154705.0000019A6E22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://api.accounts.firefox.com/v1firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://exslt.org/commonfirefox.exe, 0000000D.00000002.1806233700.0000019A6D98A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://firefox.settings.services.mozilla.com/v1ifirefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://ok.ru/firefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.amazon.com/firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://fpn.firefox.comfirefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://www.widevine.com/firefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://exslt.org/dates-and-timesfirefox.exe, 0000000D.00000002.1806233700.0000019A6D961000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806233700.0000019A6D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1804068215.0000020B28AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2963218001.000001A5E2604000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://firefox.settings.services.mozilla.com/v1Failedfirefox.exe, 0000000D.00000002.1807513285.0000019A6E303000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://ocsp.rootca1.amazontrust.com0:firefox.exe, 0000000D.00000002.1823543005.0000019A73EED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causesfirefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1911178538.0000018955F85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1987500115.0000018955F85000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1806889400.0000019A6DF82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://spocs.getpocket.com/userDISCOVERY_STREAM_RECENT_SAVESpreffedRegionsBlockStringDISCOVERY_STREfirefox.exe, 0000001C.00000003.1913118959.000001894F1F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://www.youtube.com/firefox.exe, 0000001C.00000003.2053613527.000001895C134000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000001C.00000003.1970542168.000001894F927000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936849842.000001894F90F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://MD8.mozilla.org/1/mfirefox.exe, 0000001C.00000003.2093675723.000001895BE97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000001C.00000003.2042580781.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2079297211.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2050779233.000001895E0AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2088427811.000001895E0AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000D.00000002.1808173624.0000019A6EF74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2071663652.000001895A8B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://127.0.0.1:firefox.exe, 0000000D.00000002.1813518257.0000019A71B93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000001C.00000003.1937612581.000001894F887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1936650873.000001894F87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.1937123177.000001894F886000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://bugzilla.mofirefox.exe, 0000001C.00000003.2087662443.000001895E0D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://mitmdetection.services.mozilla.com/firefox.exe, 0000000D.00000002.1806732925.0000019A6DDC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1803947767.0000020B28880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://amazon.comfirefox.exe, 0000000D.00000002.1811361264.0000019A7027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1808173624.0000019A6EF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2064501833.00000189580B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000001C.00000003.1913218989.000001894F1B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://detectportal.firefox.com/canonical.htmlbrowser.crashReports.unsubmittedCheck.Selectedfirefox.exe, 0000001C.00000003.1913188008.000001894F1D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://firefox.settings.services.mozilla.com/v1i#firefox.exe, 0000001C.00000003.2067931283.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2045394883.000001895BEE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2093675723.000001895BEE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/NetUtil.sys.mjshttp://poczta.firefox.exe, 0000000D.00000002.1807513285.0000019A6E372000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000D.00000002.1807154705.0000019A6E212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1543740
Start date and time: 2024-10-28 11:05:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 35
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@55/38@69/13
EGA Information:
• Successful, ratio: 16.7%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 45
• Number of non-executed functions: 314
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 34.211.181.209, 34.218.156.47, 52.32.18.233, 216.58.206.46, 2.22.61.59, 2.22.61.56, 142.250.185.142, 216.58.206.74, 142.250.185.138
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Execution Graph export aborted for target firefox.exe, PID 5824 because it is empty
• Execution Graph export aborted for target firefox.exe, PID 7800 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
06:06:24 | API Interceptor | 1x Sleep call for process: firefox.exe modified
10:05:51 | Task Scheduler | Run new task: {B10A8FAA-7B8C-4B29-BD53-D3E33D425981} path:
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                                                                                    • 34.120.208.123
                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                    • 35.244.181.201
                                                                                                                                                                                                                                                    • 142.250.113.102
                                                                                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                                                                                    • 34.120.208.123
                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                    • 35.244.181.201
                                                                                                                                                                                                                                                    • 142.250.113.102
                                                                                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                                                                                    • 34.120.208.123
                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                    • 35.244.181.201
                                                                                                                                                                                                                                                    • 142.250.113.102
                                                                                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                                                                                    • 34.120.208.123
                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                    • 35.244.181.201
                                                                                                                                                                                                                                                    • 142.250.113.102
                                                                                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                                                                                    • 34.120.208.123
                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                    • 35.244.181.201
                                                                                                                                                                                                                                                    • 142.250.113.102
                                                                                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                                                                                    • 34.120.208.123
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7813
                                                                                                                                                                                                                                                                        Entropy (8bit):5.174859975687252
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:gjMX1BCcbhbVbTbfbRbObtbyEl7nsNwJA6WnSrDtTUd/SkDrV:gYucNhnzFSJMNjBnSrDhUd/n
                                                                                                                                                                                                                                                                        MD5:CBA1CDC8387B7A0577F92E23DF6018A4
                                                                                                                                                                                                                                                                        SHA1:C16665FB8DBA6BF69729120130104AC8A2F04CF1
                                                                                                                                                                                                                                                                        SHA-256:D0031F5C68448B7355EACA9EED8839A51C7350F5076B18CA8877ED93B3CE1CC8
                                                                                                                                                                                                                                                                        SHA-512:8B9AE58A6447707CE04FC67B84A18420B93FCF830CCD4F7AEE1D74C6531806D1A3856909370CC4F284A9ABD226B833632FB616521FB3072C53F6763622F88F1D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"type":"uninstall","id":"31aa4d71-ad34-4a23-9711-2fe2cb8c94e4","creationDate":"2024-10-28T11:43:50.247Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):453023
                                                                                                                                                                                                                                                                        Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                        MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                        SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                        SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                        SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3621
                                                                                                                                                                                                                                                                        Entropy (8bit):4.925957341751285
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNL9V:8S+OfJQPUFpOdwNIOdYVjvYcXaNLwK8P
                                                                                                                                                                                                                                                                        MD5:5D18CD3608A7EEF660ACD193D9A31A07
                                                                                                                                                                                                                                                                        SHA1:AE015928A90022207F528EC34153ECF47FA882B8
                                                                                                                                                                                                                                                                        SHA-256:940BFED380488680FD97133CAA945BB92EA5EC5171CA0F2053B3A2796FE0798A
                                                                                                                                                                                                                                                                        SHA-512:C17787EF2A4E9B3F17FFCE2AC9D31C3A10777D56CBDF1EBA03FE0384E1FD9E95C9ED682C9B68BCA9F71FAE3DB3DFF497119A63EE7B6438C3B4AE46674433BD8F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5312
                                                                                                                                                                                                                                                                        Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                        MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                        SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                        SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                        SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                                                                                        Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:Windows WIN.INI
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):200
                                                                                                                                                                                                                                                                        Entropy (8bit):5.391255133360986
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:tZAQUsjcmktYWwktUp/UNE2aT/P4WX1rDZjrEFwHQ3ZjrEFwslyy:JWtYWXtUp8babN1rDVEFycVEFL
                                                                                                                                                                                                                                                                        MD5:3FB561547A46AF02D6B00F86DC370634
                                                                                                                                                                                                                                                                        SHA1:914867E4C763611B441835A3FC0082359FBF7277
                                                                                                                                                                                                                                                                        SHA-256:5393F0E8D90EE6A26EAC13B81B83EDC0637487B3E427175021D7EC4CDE8E34A7
                                                                                                                                                                                                                                                                        SHA-512:0E05486A6B6AD65D3A95FCFE46BE6687DD47E311374F11DE89F9CFB8C301951D6BFE43FA24851A3E759B6F8AF69A5F593568FB61F576AB52941F6B2B6EE54BC8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[Compatibility]..LastVersion=118.0.1_20230927232528/20230927232528..LastOSABI=WINNT_x86_64-msvc..LastPlatformDir=C:\Program Files\Mozilla Firefox..LastAppDir=C:\Program Files\Mozilla Firefox\browser..
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):262144
                                                                                                                                                                                                                                                                        Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                                                                                        MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                                                                                        SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                                                                                        SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                                                                                        SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                                                                                        Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1463
                                                                                                                                                                                                                                                                        Entropy (8bit):4.574593760134356
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:Y5FKFpovPVKFpovPFKFpovdlgKFpovVfKFpovQ/SKFpovNkmKFpovHmKFpovdh9m:YTJpVWtbbFZ+Vpk5t
                                                                                                                                                                                                                                                                        MD5:9AB26458FA5ECE134CE4EFE3EA06EE6A
                                                                                                                                                                                                                                                                        SHA1:C919123D4A4A3123DED72B3445BF98FC96C20846
                                                                                                                                                                                                                                                                        SHA-256:F50CBF6C3B129B43895AB854F81C3B7137CD892BE34C84082115838461643523
                                                                                                                                                                                                                                                                        SHA-512:5749E9033654803A20F22E2F0C77BF5B816AD3AB7ACD081882AB861B496C615F99BF4135C500C52EE1A1D3500F1487282726AF839CBABFBE504EA3BA91A6352A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"formautofill@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"pictureinpicture@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"screenshots@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"webcompat@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"default-theme@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"addons-search-detection@mozilla.com":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"google@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"amazondotcom@search.mozilla.org":{"permissions":["internal:svgContex
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):36830
                                                                                                                                                                                                                                                                        Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                                        MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                                        SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                                        SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                                        SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1021904
                                                                                                                                                                                                                                                                        Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                        MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                        SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                        SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                        SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1021904
                                                                                                                                                                                                                                                                        Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                        MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                        SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                        SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                        SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                                                                                        Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                        MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                        SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                        SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                        SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                                                                                        Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                        MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                        SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                        SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                        SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                                                                                        Entropy (8bit):0.07338695179673393
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkik8l:DLhesh7Owd4+jik8
                                                                                                                                                                                                                                                                        MD5:17FBF5F74854F9C4CED995C972D67AD9
                                                                                                                                                                                                                                                                        SHA1:E1F4DCF1560690EAC128981A610C2B242941DC8F
                                                                                                                                                                                                                                                                        SHA-256:AD5527BF2E207FF177BF706B59FE0E96A8E27535DF664787E7B9571972EEE5FA
                                                                                                                                                                                                                                                                        SHA-512:B5084EC05410BFA78F40F644B5D5BE29E1238AE8335048F84F1531BAB5574AE2FE7FABBDB09EB044FBB5B160D5F5C0BEC3383AB97A9B8A4CA1670A5746E50BB7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                        Entropy (8bit):0.035699946889726504
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:GtlstF95ewKy9HY1lstF95ewKyllXT89//alEl:GtWtBJyWtBJ789XuM
                                                                                                                                                                                                                                                                        MD5:30516D0B3DC03BFF1BACF61B9531FF44
                                                                                                                                                                                                                                                                        SHA1:1851A6E4D5D7257C3869EC8D6AAF27F86DA33275
                                                                                                                                                                                                                                                                        SHA-256:555D78D81C7FBFA9E5A492D836586BF0D05D25B3D343D3789B42A965FD05AB91
                                                                                                                                                                                                                                                                        SHA-512:6E5CCB2002E056DBAABC6EA1F4A3F8A370F961CF008849EABC85C3554175375262D026D38B86BA7714962ABDC6E0148F53C3162F32CA3B2F8D87983A195FFBDE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):32824
                                                                                                                                                                                                                                                                        Entropy (8bit):0.039920253262097694
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:Ol1DyKLpSFao/f5DBqtPlX7l8rEXsxdwhml8XW3R2:KxyiSFjJFqVlrl8dMhm93w
                                                                                                                                                                                                                                                                        MD5:7A8B09419A5338572872A2EF43B86163
                                                                                                                                                                                                                                                                        SHA1:724BE74A88561FFAF35C65C32763F87B9BA5D1BE
                                                                                                                                                                                                                                                                        SHA-256:972C70D2038B7CDAAB068806E394C43C1A8776730D41BD8AD9F6F54B369AA266
                                                                                                                                                                                                                                                                        SHA-512:EC5AA290651D5F3C449E75989DC6517FF231ED178C8ABA30502B2503EBB25C7EE70CD0E2BAEE06858BC83A09E65F9BA2A0EDA66A7D7A9A8FF20EDE96CEB83597
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13253
                                                                                                                                                                                                                                                                        Entropy (8bit):5.492417072982274
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:bnaRtLYbBp6shj4qyaaXF6KTtwF5RfGNBw8dkSl:eeCqvktAcw/0
                                                                                                                                                                                                                                                                        MD5:1D9B0AE46085EB4320355F73DCE38480
                                                                                                                                                                                                                                                                        SHA1:6E96ABF6CF33BD5D69BEB8D2F3DD31D26C9E8D99
                                                                                                                                                                                                                                                                        SHA-256:5622F5D5FC979C76D7C94810E4B82790C94C2DAAFDB84DBAB58E8B9F3664CC45
                                                                                                                                                                                                                                                                        SHA-512:C5C85F35F33C7E78D1FE0DE152EF994711EAA42A015C1F1DAD6B14BF0D10EF08955E2DDE7F37977E00828DF1FBA66BD644B45212EA2586A209BBCDBA5D80A845
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1730115801);..user_pref("app.update.lastUpdateTime.background-update-timer", 1730115801);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1730115801);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173011
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                                                        Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                                        MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                                        SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                                        SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                                        SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):90
                                                                                                                                                                                                                                                                        Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 6151 bytes
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1747
                                                                                                                                                                                                                                                                        Entropy (8bit):6.399041177254388
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:v2USUGdI6zfNMfQ00rA6Xi14R+FaRjOJNdZZI1Gx2pHsCj6lFnSvdMDADD6LQk8S:OUpiI6zifMAEMU4NIbOPnuDWLetm
                                                                                                                                                                                                                                                                        MD5:9FD8102750C30945BED5A831C0DB3C56
                                                                                                                                                                                                                                                                        SHA1:42BCE744DBF73CE7B4D3914EF67FB136D56D51F5
                                                                                                                                                                                                                                                                        SHA-256:0EB9226347D0E5ECB5CC8C3D6F620D1172A4D7FB819E72B86A8AE7DCE97FBAF5
                                                                                                                                                                                                                                                                        SHA-512:B8C36CFEEE63733A4EDF52C070C502817A5E090AD2C8CA5074A3B654B8925969AC96D80ED59A43B4EE7CC78AD2CB753F1175EA7C37482422F0696C92CF22BE9A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...url":"about:A..."triggeringPrincipal_base64":"eyIzIjp7fX0="}],"lastAccessed":1730115775849,"hidden":false,"searchMode":null,"userContextId":0,"attributes":{},"index":1,"formdata":{"id":{...D.....9..home","title":"New Tab","cacheKey....ID":4,"docshellUU...!"{4928f5ff-b473-439a-b63d-349ac3523a33}","resultf.4URI...pz..ToInherit..s{\"0\":...\"moz-null4...:{c0c3c76c-3c3b-44b0-9d2c-f5a4aaf1d46e}\"}....hasUserInteractW........@{\"3...E...docIdentifier":5,"persist":true)...69633385765).40mag....chrome://branding/ca..nt/icon32.png"X..requestedIk..0..aselect...,"_closedTK.@],"_...C....GroupCount":-1,....Flags":2167541758....dth":1164,"height":891,"screenXN.....Y..Aizem0.."maximized"...BeforeMin...&..workspace....85d88aad-e69b-4cbc-bd94-0aee6b4b5d51...._shouldRb....","..)At...6.........I..W...6..O........p....1":{R.hUpdate\..784,"startTim..1595...centCrash...0},"globalF.Dcook.. ho...."addons.mozilla.or..@valuE..A8bad2467092
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 7, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                                                                                        Entropy (8bit):2.0834050879442
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JRrwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:/rnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                        MD5:0F96947ADE42926AE1A7CC79408757A6
                                                                                                                                                                                                                                                                        SHA1:82D11B65A64904B9326335FDD26D5D2BBF06A465
                                                                                                                                                                                                                                                                        SHA-256:8AD33211E9214835DD396D248C82E4C56DDCC604C04D2EF573E281CA36A56F68
                                                                                                                                                                                                                                                                        SHA-512:A124AA8333EAE976B1B275A5487B791A588EC88EED58E117E27D1DE78487E65AA961EF5B4391BC0E4F0C242F6648CA4D09E5A22AFFAB1AA0BA85575F29D5E69A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3670
                                                                                                                                                                                                                                                                        Entropy (8bit):4.975586341495227
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YrSAYx6UQcpCB7aQYWBVNVV7WOzzc8eYMsku7f86SLAVL7if5FtsfbcbyJFdWw27:ycxyOWuCQOzzcMvbw6KkCrmc2Rn27
                                                                                                                                                                                                                                                                        MD5:0B2BDD30D138A7EBBBE477AB885C70B6
                                                                                                                                                                                                                                                                        SHA1:62A49E2DE71261E036B10A9CCB42130396D9EFA6
                                                                                                                                                                                                                                                                        SHA-256:79CDF0D0B907AB9173FA57FD7DDBFBFAD4FD0E85663AE6CE37B833A70317E3EB
                                                                                                                                                                                                                                                                        SHA-512:96B23E165F937C2B67722D3DE319253A3C46E648998FA27445A16880E3BA505E331CA2D0B5A4D99BE4C2F720D464772359326B20D5B695648E5C037A4E13DB69
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-28T11:43:13.266Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true},"screenshots@mozilla.org":{"version":"39.0.1","type":"extension","isSystem":true,"isWebExt
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):156
                                                                                                                                                                                                                                                                        Entropy (8bit):4.411137816108237
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YGNDhK6c2us1pNGHfYL2HEYwgL2HEmxhHtifYYMgEYyibudJ8KgfHVEW1:YGNTG/I2XV2fEzLEJ8Kgf1Ew
                                                                                                                                                                                                                                                                        MD5:AAC5F6FC2FA4A5691A244B46164834FD
                                                                                                                                                                                                                                                                        SHA1:F011E46647F4C402B798C285DE982A6BB9EC73BF
                                                                                                                                                                                                                                                                        SHA-256:BE115879DA967E2C1213870515E049801E5950D1179325B99891869A40263BB0
                                                                                                                                                                                                                                                                        SHA-512:963486CF702B7623C20123B669F538ADBC51B996E67AB52EDE4635FF05034CA28A3926A98656CB5E8E9BB2C1FBAD338744B312B4673585FD9810AA6E36D343EC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},"main-window":{"sizemode":"normal"}}}
                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):6.584675545709997
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                        File name:file.exe
                                                                                                                                                                                                                                                                        File size:919'552 bytes
                                                                                                                                                                                                                                                                        MD5:4b9c20965a7f8aba98a722fb311a8de8
                                                                                                                                                                                                                                                                        SHA1:1980fe9a40ccb001ba9d34369ea8b5dd550d6a54
                                                                                                                                                                                                                                                                        SHA256:60732d59660ca0cc96eba467ebbb4b47c693222ed4a60d15c55d5ff409426777
                                                                                                                                                                                                                                                                        SHA512:2c74ee7ba4ef97807c00f9d2fd613c4ac85b04ab97b207f4fb914f3800b4151b53b0b9a775b1c2e7be4a4983383f67eb14fd490155356c323dd7b42564e3d00c
                                                                                                                                                                                                                                                                        SSDEEP:12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TJ:1qDEvCTbMWu7rQYlBQcBiT6rprG8abJ
                                                                                                                                                                                                                                                                        TLSH:8C159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                        Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                        Entrypoint:0x420577
                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x671F5F34 [Mon Oct 28 09:53:56 2024 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                                                                                        Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                        call 00007F2F187F0EF8h
                                                                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                                                                                                                        lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                        mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                        call 00007F2F187F0EE1h
                                                                                                                                                                                                                                                                        test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9c28 | 0x9e00 | 1caa6fecd8a24fa5421b7f147a431531 | False | 0.3156398338607595 | data | 5.373991830084081 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xef0 | data | | | 1.0028765690376569
RT_GROUP_ICON | 0xdd6a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd720 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd734 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd748 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd75c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd838 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                                                        WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                        VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                        WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                        COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                        MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                        WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                        PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                        IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                        USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                        UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                        KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, 
GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system: English
Country where language is spoken: Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654129982 CET49753443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654150009 CET4434975334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654237032 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654335022 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654386044 CET4434975435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654655933 CET64457443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654707909 CET49753443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654721975 CET4436445734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654747009 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.654824018 CET64457443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.656172991 CET64457443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.656199932 CET4436445734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.689975023 CET4434975534.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.691453934 CET49755443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.696897030 CET49755443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.696908951 CET4434975534.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.697002888 CET49755443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.697074890 CET4434975534.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.697129965 CET49755443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.746476889 CET4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.752088070 CET804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.752813101 CET4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.755925894 CET4434975634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.758894920 CET49756443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.761951923 CET49756443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.761961937 CET4434975634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.762383938 CET4434975634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.764136076 CET49756443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.764136076 CET49756443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.764240980 CET49756443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.905045986 CET806445534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.954803944 CET6445580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.960683107 CET806445534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.970218897 CET6445580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.271856070 CET64459443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.271954060 CET4436445934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.274101973 CET64459443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.275557995 CET64459443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.275592089 CET4436445934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.286180019 CET4436445734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.291338921 CET4436445734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.294523954 CET64457443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.300143957 CET64457443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.300158024 CET4436445734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.300220966 CET64457443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.300435066 CET4436445734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.300509930 CET64457443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.351402044 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.356030941 CET44364456142.250.185.206192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.357074976 CET44364456142.250.185.206192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.359460115 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.363336086 CET44364456142.250.185.206192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.366436005 CET64456443192.168.2.4142.250.185.206
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.366583109 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.368540049 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.370174885 CET64456443192.168.2.4142.250.185.206
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.370174885 CET64456443192.168.2.4142.250.185.206
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.370194912 CET44364456142.250.185.206192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.370454073 CET44364456142.250.185.206192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.371193886 CET64456443192.168.2.4142.250.185.206
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.374469995 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.890324116 CET4436445934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.890441895 CET64459443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.895806074 CET64459443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.895836115 CET4436445934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.895912886 CET64459443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.896013975 CET4436445934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.896331072 CET64461443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.896358013 CET64459443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.896446943 CET4436446134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.896533966 CET64461443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.897887945 CET64461443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.897942066 CET4436446134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.997004986 CET64462443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.997056961 CET4436446234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.997318983 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.997486115 CET64462443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.998966932 CET64462443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.999002934 CET4436446234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:25.001327038 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:25.008163929 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:25.012650013 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:25.012758017 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:36.939620972 CET4436447034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:36.940206051 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:36.940745115 CET64470443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:36.942087889 CET64470443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:36.942122936 CET4436447034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.031568050 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.031606913 CET4436447134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.033822060 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.033921003 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.033931017 CET4436447134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.034493923 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.034578085 CET4436447234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.035162926 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.035285950 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.035329103 CET4436447234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.066365004 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.077579975 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.083076000 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.122052908 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.203121901 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.253587008 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.561016083 CET4436447034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.561093092 CET64470443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.565668106 CET64470443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.565695047 CET4436447034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.565747023 CET64470443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.565871000 CET4436447034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.565924883 CET64470443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.649334908 CET4436447134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.649414062 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.652139902 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.652148962 CET4436447134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.652618885 CET4436447134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.655132055 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.655206919 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.655333042 CET4436447134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.655392885 CET64471443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.655591965 CET4436447234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.655668974 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.658375025 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.658396959 CET4436447234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.658638000 CET4436447234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.661163092 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.661231041 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.661318064 CET4436447234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:37.661381006 CET64472443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:38.937887907 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:38.943598032 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:39.069850922 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:39.127887964 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:39.134882927 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:39.140511990 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:39.260405064 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:39.312777042 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.529159069 CET64473443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.529220104 CET4436447335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.533741951 CET64473443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.533880949 CET64473443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.533898115 CET4436447335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.568265915 CET64474443192.168.2.4151.101.129.91
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.568356991 CET44364474151.101.129.91192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.573398113 CET64475443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.573427916 CET4436447534.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.573734045 CET64476443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.573818922 CET4436447635.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.579011917 CET64474443192.168.2.4151.101.129.91
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.579570055 CET64475443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.579577923 CET64476443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.604310989 CET64474443192.168.2.4151.101.129.91
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.604347944 CET44364474151.101.129.91192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.604527950 CET64475443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.604543924 CET4436447534.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.605889082 CET64476443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.605942011 CET4436447635.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.606156111 CET64477443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.606177092 CET4436447735.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.620434046 CET64477443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.621809959 CET64477443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.621824026 CET4436447735.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.852093935 CET64478443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.852185011 CET4436447834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.852356911 CET64478443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.853907108 CET64478443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.878268003 CET64480443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.878341913 CET64480443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.878460884 CET4436448035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.878514051 CET64480443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.891587019 CET4436448235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.891652107 CET64482443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.894788980 CET64482443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.894798994 CET4436448235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.895051003 CET4436448235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.897058010 CET64482443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.897140026 CET64482443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.897192001 CET4436448235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.898021936 CET64482443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.977605104 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.992762089 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.995435953 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:48.000900030 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:48.042015076 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:48.121212959 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:48.164467096 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:49.500097990 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:49.500169992 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:49.500432014 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:49.500557899 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:49.500582933 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.135997057 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.136722088 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.139465094 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.139529943 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.142596960 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.142637014 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.142894030 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.144998074 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.145100117 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.145158052 CET44350919142.250.113.102192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.148066044 CET50919443192.168.2.4142.250.113.102
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.149915934 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.156187057 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.282421112 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.285022974 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.290779114 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.333008051 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.411020994 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.471095085 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:00.297070980 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:00.302484035 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:00.412950993 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:00.418394089 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.212317944 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.218558073 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.344727993 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.348149061 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.353610039 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.404509068 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.473330975 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.520343065 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:07.773360968 CET50983443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:07.773411036 CET4435098334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:07.774125099 CET50983443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:07.775542974 CET50983443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:07.775557041 CET4435098334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.391289949 CET4435098334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.391375065 CET50983443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.396059990 CET50983443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.396076918 CET4435098334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.396150112 CET50983443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.396684885 CET4435098334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.396747112 CET50983443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.398910046 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.404344082 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.531008959 CET806446034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.534143925 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.539515018 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.584892035 CET6446080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.659354925 CET806446334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:08.700679064 CET6446380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:16.214514017 CET51029443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:16.214545012 CET4435102934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:16.214788914 CET51030443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:16.214874983 CET4435103034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:16.215179920 CET51029443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:16.215379000 CET51029443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:16.215387106 CET51030443192.168.2.434.120.208.123
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.041297913 CET53541831.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.060416937 CET6462353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.068017960 CET53646231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.077395916 CET6161753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.086136103 CET53616171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.091489077 CET5617453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.098726988 CET53561741.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.103801966 CET5692953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.111252069 CET53569291.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.126624107 CET5021953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.132006884 CET5079953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.134901047 CET53502191.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.140170097 CET53507991.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.146878958 CET5300553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.155446053 CET53530051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.275352955 CET5264853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.282583952 CET53526481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.284528017 CET4928553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.292171001 CET53492851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.295017958 CET5727553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:23.785012007 CET53516171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.941029072 CET5614953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.949557066 CET53561491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.958712101 CET5906753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.967175961 CET53590671.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.974323034 CET5396853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:24.984364033 CET53539681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.612601995 CET6054953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.620115042 CET53605491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.623076916 CET6029853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.631053925 CET53602981.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.631684065 CET5782753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.639425039 CET53578271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.754892111 CET4954853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.762262106 CET53495481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.793504000 CET5557553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.793916941 CET5766553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.801165104 CET53555751.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:28.802021980 CET53576651.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:33.592945099 CET4951653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:33.601094961 CET53495161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:33.602277040 CET5089353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:33.609626055 CET53508931.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:33.610100031 CET6452953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:33.617501974 CET53645291.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:34.122523069 CET5480553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:34.122673035 CET5824153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:34.130016088 CET53582411.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:34.130456924 CET53548051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:38.937992096 CET6445053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.885514975 CET5176753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.885799885 CET5647853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.885801077 CET5992153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.893161058 CET53517671.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.893192053 CET53564781.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.893872976 CET53599211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.893928051 CET5423253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.893984079 CET6242353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.894464970 CET5282853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.901422977 CET53542321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.901726961 CET53528281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.901853085 CET6158553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.902019978 CET53624231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.902216911 CET5798653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.902565956 CET5356753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.909200907 CET53615851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.909646034 CET5184453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910111904 CET53535671.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910130024 CET53579861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910518885 CET5397653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.917435884 CET53518441.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.917917013 CET6042853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.918385029 CET53539761.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.918771982 CET6230053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926386118 CET53604281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926426888 CET53623001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926747084 CET5538253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926919937 CET5511953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.934204102 CET53551191.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.934245110 CET53553821.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.529659986 CET5749753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.540079117 CET53574971.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.540631056 CET5398453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.549190044 CET53539841.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.549725056 CET5555953192.168.2.41.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.902019978 CET1.1.1.1192.168.2.40x536cNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.902019978 CET1.1.1.1192.168.2.40x536cNo error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.902019978 CET1.1.1.1192.168.2.40x536cNo error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.902019978 CET1.1.1.1192.168.2.40x536cNo error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.909200907 CET1.1.1.1192.168.2.40x3f48No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910111904 CET1.1.1.1192.168.2.40x5021No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910111904 CET1.1.1.1192.168.2.40x5021No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910111904 CET1.1.1.1192.168.2.40x5021No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910111904 CET1.1.1.1192.168.2.40x5021No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.910130024 CET1.1.1.1192.168.2.40xe594No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.917435884 CET1.1.1.1192.168.2.40xf7e0No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.917435884 CET1.1.1.1192.168.2.40xf7e0No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.917435884 CET1.1.1.1192.168.2.40xf7e0No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.917435884 CET1.1.1.1192.168.2.40xf7e0No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.917435884 CET1.1.1.1192.168.2.40xf7e0No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.918385029 CET1.1.1.1192.168.2.40x2a15No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926386118 CET1.1.1.1192.168.2.40xfb88No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926386118 CET1.1.1.1192.168.2.40xfb88No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926386118 CET1.1.1.1192.168.2.40xfb88No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926386118 CET1.1.1.1192.168.2.40xfb88No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:44.926426888 CET1.1.1.1192.168.2.40x8e85No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.540079117 CET1.1.1.1192.168.2.40x64dbNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.557600021 CET1.1.1.1192.168.2.40x36dNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.557600021 CET1.1.1.1192.168.2.40x36dNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.557600021 CET1.1.1.1192.168.2.40x36dNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.557600021 CET1.1.1.1192.168.2.40x36dNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.576930046 CET1.1.1.1192.168.2.40xcd89No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.576930046 CET1.1.1.1192.168.2.40xcd89No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.576930046 CET1.1.1.1192.168.2.40xcd89No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.576930046 CET1.1.1.1192.168.2.40xcd89No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.582561970 CET1.1.1.1192.168.2.40x74c9No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.582561970 CET1.1.1.1192.168.2.40x74c9No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.591053009 CET1.1.1.1192.168.2.40x496dNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:46.850975037 CET1.1.1.1192.168.2.40xabafNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.923870087 CET1.1.1.1192.168.2.40x9602No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.923870087 CET1.1.1.1192.168.2.40x9602No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.222409010 CET1.1.1.1192.168.2.40x5589No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:03.222409010 CET1.1.1.1192.168.2.40x5589No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:48.790029049 CET1.1.1.1192.168.2.40x458dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:49.431469917 CET1.1.1.1192.168.2.40xbaf7No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:49.431469917 CET1.1.1.1192.168.2.40xbaf7No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49752 | 34.107.221.82 | 80 | 7800 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 11:06:22.643327951 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:06:23.247942924 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68498
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 64455 | 34.107.221.82 | 80 | 7800 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 11:06:23.309108019 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:23.905045986 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82516
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 64460 | 34.107.221.82 | 80 | 7800 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 11:06:24.368540049 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:06:24.997318983 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68499
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:06:28.778098106 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:06:28.927262068 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68503
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:06:34.106251955 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:06:34.237818003 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68509
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:06:36.934511900 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:06:37.066365004 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68512
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:06:38.937887907 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:06:39.069850922 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68514
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:47.170452118 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Connection: keep-alive
Oct 28, 2024 11:06:47.302054882 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 15:04:45 GMT
                                                                                                                                                                                                                                                                        Age: 68522
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:06:47.712714911 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Connection: keep-alive
Oct 28, 2024 11:06:47.844719887 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 15:04:45 GMT
                                                                                                                                                                                                                                                                        Age: 68522
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:06:47.860805988 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Connection: keep-alive
Oct 28, 2024 11:06:47.992762089 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 15:04:45 GMT
                                                                                                                                                                                                                                                                        Age: 68522
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:06:50.149915934 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Connection: keep-alive
Oct 28, 2024 11:06:50.282421112 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 15:04:45 GMT
                                                                                                                                                                                                                                                                        Age: 68525
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:07:00.297070980 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                        Data Ascii:
Oct 28, 2024 11:07:03.212317944 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Connection: keep-alive
Oct 28, 2024 11:07:03.344727993 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 15:04:45 GMT
                                                                                                                                                                                                                                                                        Age: 68538
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:07:08.398910046 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Connection: keep-alive
Oct 28, 2024 11:07:08.531008959 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68543
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:07:16.841939926 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:07:16.973443031 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68551
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:07:26.986622095 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 11:07:37.134114981 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 11:07:47.148319960 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 11:07:49.423423052 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 28, 2024 11:07:49.554970980 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 27 Oct 2024 15:04:45 GMT
Age: 68584
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 11:07:59.566852093 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 11:08:09.575064898 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 64463 | 34.107.221.82 | 80 | 7800 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 11:06:25.012758017 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:25.610291958 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82518
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 28, 2024 11:06:34.091362000 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:34.216732979 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82527
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 28, 2024 11:06:34.595268965 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:34.721457958 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 11:11:07 GMT
                                                                                                                                                                                                                                                                        Age: 82527
                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                        Data Ascii: success
Oct 28, 2024 11:06:37.077579975 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:37.203121901 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82530
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 28, 2024 11:06:39.134882927 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:39.260405064 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82532
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 28, 2024 11:06:47.304455996 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:47.432692051 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82540
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 28, 2024 11:06:47.696190119 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82540
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 28, 2024 11:06:47.850711107 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:47.977605104 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82540
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 28, 2024 11:06:47.995435953 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 28, 2024 11:06:48.121212959 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Oct 2024 11:11:07 GMT
Age: 82541
Content-Type: text/plain
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.285022974 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:06:50.411020994 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 11:11:07 GMT
                                                                                                                                                                                                                                                                        Age: 82543
                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                        Oct 28, 2024 11:07:00.412950993 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                        Data Ascii:
Oct 28, 2024 11:07:49.932028055 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                        Date: Sun, 27 Oct 2024 11:11:07 GMT
                                                                                                                                                                                                                                                                        Age: 82602
                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                        Data Ascii: success
Oct 28, 2024 11:07:59.899034023 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                        Data Ascii:
Oct 28, 2024 11:08:09.976170063 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                        Data Ascii:



                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                        Start time:06:05:59
                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x7b0000
                                                                                                                                                                                                                                                                        File size:919'552 bytes
                                                                                                                                                                                                                                                                        MD5 hash:4B9C20965A7F8ABA98A722FB311A8DE8
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000003.1866585631.000000000153F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                                                        Start time:06:05:59
                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                        Imagebase:0xba0000
                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                                                        Start time:06:05:59
                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                                                        Start time:06:06:02
                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                        Imagebase:0xba0000
                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                                                                        Start time:06:06:02
                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                        Start time:06:06:02
                                                                                                                                                                                                                                                                        Start date:28/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                        Imagebase:0xba0000
                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

Target ID:6
Start time:06:06:03
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:06:06:03
Start date:28/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0xba0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:06:06:03
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:06:06:03
Start date:28/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0xba0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:06:06:03
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:06:06:04
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:06:06:05
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:06:06:06
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:06:06:09
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308dec56-a9e5-4107-a009-d3ff39bebe95} 5824 "\\.\pipe\gecko-crash-server-pipe.5824" 19a62170d10 socket
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:06:06:10
Start date:28/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0xba0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:06:06:10
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:06:06:13
Start date:28/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0xba0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:06:06:13
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:06:06:13
Start date:28/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0xba0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:06:06:13
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:06:06:14
Start date:28/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0xba0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:06:06:14
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:06:06:14
Start date:28/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0xba0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:06:06:14
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:06:06:14
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:06:06:14
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:06:06:14
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:06:06:16
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25359 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1747b7-9f91-4c38-9d2f-6eda4767631b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1893e96e910 socket
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:06:06:21
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:06:06:36
Start date:28/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1524 -prefMapHandle 4668 -prefsLen 32371 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54f232-a1db-4584-a609-d58d2c4ec88b} 7800 "\\.\pipe\gecko-crash-server-pipe.7800" 1895a838710 utility
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:2.1%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                          Signature Coverage:4.6%
                                                                                                                                                                                                                                                                          Total number of Nodes:1555
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:62
96154->96155 96156 7b2e4d 96155->96156 96233 7b4ae3 96156->96233 96158 7b2e6b 96159 7b3a5a 24 API calls 96158->96159 96160 7b2e7f 96159->96160 96161 7b9cb3 22 API calls 96160->96161 96162 7b2e8c 96161->96162 96247 7b4ecb 96162->96247 96165 7b2ead 96269 7ba8c7 22 API calls __fread_nolock 96165->96269 96166 7f2cb0 96287 822cf9 96166->96287 96168 7f2cc3 96169 7f2ccf 96168->96169 96313 7b4f39 96168->96313 96174 7b4f39 68 API calls 96169->96174 96172 7b2ec3 96270 7b6f88 22 API calls 96172->96270 96177 7f2ce5 96174->96177 96175 7b2ecf 96176 7b9cb3 22 API calls 96175->96176 96178 7b2edc 96176->96178 96319 7b3084 22 API calls 96177->96319 96271 7ba81b 41 API calls 96178->96271 96181 7b2eec 96183 7b9cb3 22 API calls 96181->96183 96182 7f2d02 96320 7b3084 22 API calls 96182->96320 96185 7b2f12 96183->96185 96272 7ba81b 41 API calls 96185->96272 96186 7f2d1e 96188 7b3a5a 24 API calls 96186->96188 96189 7f2d44 96188->96189 96321 7b3084 22 API calls 96189->96321 96190 7b2f21 96193 7ba961 22 API calls 96190->96193 96192 7f2d50 96322 7ba8c7 22 API calls __fread_nolock 96192->96322 96195 7b2f3f 96193->96195 96273 7b3084 22 API calls 96195->96273 96197 7f2d5e 96323 7b3084 22 API calls 96197->96323 96198 7b2f4b 96274 7d4a28 40 API calls 3 library calls 96198->96274 96201 7f2d6d 96324 7ba8c7 22 API calls __fread_nolock 96201->96324 96202 7b2f59 96202->96177 96203 7b2f63 96202->96203 96275 7d4a28 40 API calls 3 library calls 96203->96275 96206 7f2d83 96325 7b3084 22 API calls 96206->96325 96207 7b2f6e 96207->96182 96209 7b2f78 96207->96209 96276 7d4a28 40 API calls 3 library calls 96209->96276 96210 7f2d90 96212 7b2f83 96212->96186 96213 7b2f8d 96212->96213 96277 7d4a28 40 API calls 3 library calls 96213->96277 96215 7b2f98 96216 7b2fdc 96215->96216 96278 7b3084 22 API calls 96215->96278 96216->96201 96217 7b2fe8 96216->96217 96217->96210 96281 7b63eb 22 API calls 96217->96281 96219 7b2fbf 96279 7ba8c7 22 API calls __fread_nolock 96219->96279 96222 7b2ff8 96282 7b6a50 22 API calls 
96222->96282 96223 7b2fcd 96280 7b3084 22 API calls 96223->96280 96226 7b3006 96283 7b70b0 23 API calls 96226->96283 96230 7b3021 96231 7b3065 96230->96231 96284 7b6f88 22 API calls 96230->96284 96285 7b70b0 23 API calls 96230->96285 96286 7b3084 22 API calls 96230->96286 96234 7b4af0 __wsopen_s 96233->96234 96235 7b6b57 22 API calls 96234->96235 96236 7b4b22 96234->96236 96235->96236 96246 7b4b58 96236->96246 96326 7b4c6d 96236->96326 96238 7b9cb3 22 API calls 96240 7b4c52 96238->96240 96239 7b9cb3 22 API calls 96239->96246 96242 7b515f 22 API calls 96240->96242 96241 7b4c6d 22 API calls 96241->96246 96243 7b4c5e 96242->96243 96243->96158 96244 7b515f 22 API calls 96244->96246 96245 7b4c29 96245->96238 96245->96243 96246->96239 96246->96241 96246->96244 96246->96245 96329 7b4e90 LoadLibraryA 96247->96329 96252 7f3ccf 96255 7b4f39 68 API calls 96252->96255 96253 7b4ef6 LoadLibraryExW 96337 7b4e59 LoadLibraryA 96253->96337 96256 7f3cd6 96255->96256 96258 7b4e59 3 API calls 96256->96258 96262 7f3cde 96258->96262 96260 7b4f20 96261 7b4f2c 96260->96261 96260->96262 96264 7b4f39 68 API calls 96261->96264 96359 7b50f5 96262->96359 96266 7b2ea5 96264->96266 96266->96165 96266->96166 96268 7f3d05 96269->96172 96270->96175 96271->96181 96272->96190 96273->96198 96274->96202 96275->96207 96276->96212 96277->96215 96278->96219 96279->96223 96280->96216 96281->96222 96282->96226 96283->96230 96284->96230 96285->96230 96286->96230 96288 822d15 96287->96288 96289 7b511f 64 API calls 96288->96289 96290 822d29 96289->96290 96490 822e66 96290->96490 96293 7b50f5 40 API calls 96294 822d56 96293->96294 96295 7b50f5 40 API calls 96294->96295 96296 822d66 96295->96296 96297 7b50f5 40 API calls 96296->96297 96298 822d81 96297->96298 96299 7b50f5 40 API calls 96298->96299 96300 822d9c 96299->96300 96301 7b511f 64 API calls 96300->96301 96302 822db3 96301->96302 96303 7dea0c ___std_exception_copy 21 API calls 96302->96303 96304 822dba 96303->96304 96305 7dea0c ___std_exception_copy 21 API 
calls 96304->96305 96306 822dc4 96305->96306 96307 7b50f5 40 API calls 96306->96307 96308 822dd8 96307->96308 96309 8228fe 27 API calls 96308->96309 96310 822dee 96309->96310 96311 822d3f 96310->96311 96496 8222ce 79 API calls 96310->96496 96311->96168 96314 7b4f43 96313->96314 96316 7b4f4a 96313->96316 96497 7de678 96314->96497 96317 7b4f6a FreeLibrary 96316->96317 96318 7b4f59 96316->96318 96317->96318 96318->96169 96319->96182 96320->96186 96321->96192 96322->96197 96323->96201 96324->96206 96325->96210 96327 7baec9 22 API calls 96326->96327 96328 7b4c78 96327->96328 96328->96236 96330 7b4ea8 GetProcAddress 96329->96330 96331 7b4ec6 96329->96331 96332 7b4eb8 96330->96332 96334 7de5eb 96331->96334 96332->96331 96333 7b4ebf FreeLibrary 96332->96333 96333->96331 96367 7de52a 96334->96367 96336 7b4eea 96336->96252 96336->96253 96338 7b4e6e GetProcAddress 96337->96338 96339 7b4e8d 96337->96339 96340 7b4e7e 96338->96340 96342 7b4f80 96339->96342 96340->96339 96341 7b4e86 FreeLibrary 96340->96341 96341->96339 96343 7cfe0b 22 API calls 96342->96343 96344 7b4f95 96343->96344 96345 7b5722 22 API calls 96344->96345 96346 7b4fa1 __fread_nolock 96345->96346 96347 7f3d1d 96346->96347 96348 7b50a5 96346->96348 96358 7b4fdc 96346->96358 96430 82304d 74 API calls 96347->96430 96419 7b42a2 CreateStreamOnHGlobal 96348->96419 96351 7f3d22 96353 7b511f 64 API calls 96351->96353 96352 7b50f5 40 API calls 96352->96358 96354 7f3d45 96353->96354 96355 7b50f5 40 API calls 96354->96355 96356 7b506e ISource 96355->96356 96356->96260 96358->96351 96358->96352 96358->96356 96425 7b511f 96358->96425 96360 7b5107 96359->96360 96361 7f3d70 96359->96361 96452 7de8c4 96360->96452 96364 8228fe 96473 82274e 96364->96473 96366 822919 96366->96268 96369 7de536 CallCatchBlock 96367->96369 96368 7de544 96392 7df2d9 20 API calls __dosmaperr 96368->96392 96369->96368 96371 7de574 96369->96371 96373 7de579 96371->96373 96374 7de586 96371->96374 96372 7de549 96393 7e27ec 26 API calls __cftof 96372->96393 
96394 7df2d9 20 API calls __dosmaperr 96373->96394 96384 7e8061 96374->96384 96378 7de58f 96379 7de595 96378->96379 96380 7de5a2 96378->96380 96395 7df2d9 20 API calls __dosmaperr 96379->96395 96396 7de5d4 LeaveCriticalSection __fread_nolock 96380->96396 96381 7de554 __wsopen_s 96381->96336 96385 7e806d CallCatchBlock 96384->96385 96397 7e2f5e EnterCriticalSection 96385->96397 96387 7e807b 96398 7e80fb 96387->96398 96391 7e80ac __wsopen_s 96391->96378 96392->96372 96393->96381 96394->96381 96395->96381 96396->96381 96397->96387 96401 7e811e 96398->96401 96399 7e8177 96400 7e4c7d BuildCatchObjectHelperInternal 20 API calls 96399->96400 96402 7e8180 96400->96402 96401->96399 96407 7e8088 96401->96407 96414 7d918d EnterCriticalSection 96401->96414 96415 7d91a1 LeaveCriticalSection 96401->96415 96404 7e29c8 _free 20 API calls 96402->96404 96405 7e8189 96404->96405 96405->96407 96416 7e3405 11 API calls 2 library calls 96405->96416 96411 7e80b7 96407->96411 96408 7e81a8 96417 7d918d EnterCriticalSection 96408->96417 96418 7e2fa6 LeaveCriticalSection 96411->96418 96413 7e80be 96413->96391 96414->96401 96415->96401 96416->96408 96417->96407 96418->96413 96420 7b42bc FindResourceExW 96419->96420 96424 7b42d9 96419->96424 96421 7f35ba LoadResource 96420->96421 96420->96424 96422 7f35cf SizeofResource 96421->96422 96421->96424 96423 7f35e3 LockResource 96422->96423 96422->96424 96423->96424 96424->96358 96426 7b512e 96425->96426 96429 7f3d90 96425->96429 96431 7dece3 96426->96431 96430->96351 96434 7deaaa 96431->96434 96433 7b513c 96433->96358 96437 7deab6 CallCatchBlock 96434->96437 96435 7deac2 96447 7df2d9 20 API calls __dosmaperr 96435->96447 96437->96435 96438 7deae8 96437->96438 96449 7d918d EnterCriticalSection 96438->96449 96439 7deac7 96448 7e27ec 26 API calls __cftof 96439->96448 96442 7deaf4 96450 7dec0a 62 API calls 2 library calls 96442->96450 96444 7deb08 96451 7deb27 LeaveCriticalSection __fread_nolock 96444->96451 96446 7dead2 __wsopen_s 96446->96433 
96447->96439 96448->96446 96449->96442 96450->96444 96451->96446 96455 7de8e1 96452->96455 96454 7b5118 96454->96364 96456 7de8ed CallCatchBlock 96455->96456 96457 7de925 __wsopen_s 96456->96457 96458 7de92d 96456->96458 96459 7de900 ___scrt_fastfail 96456->96459 96457->96454 96470 7d918d EnterCriticalSection 96458->96470 96468 7df2d9 20 API calls __dosmaperr 96459->96468 96462 7de937 96471 7de6f8 38 API calls 4 library calls 96462->96471 96463 7de91a 96469 7e27ec 26 API calls __cftof 96463->96469 96465 7de94e 96472 7de96c LeaveCriticalSection __fread_nolock 96465->96472 96468->96463 96469->96457 96470->96462 96471->96465 96472->96457 96476 7de4e8 96473->96476 96475 82275d 96475->96366 96479 7de469 96476->96479 96478 7de505 96478->96475 96480 7de48c 96479->96480 96481 7de478 96479->96481 96485 7de488 __alldvrm 96480->96485 96489 7e333f 11 API calls 2 library calls 96480->96489 96487 7df2d9 20 API calls __dosmaperr 96481->96487 96483 7de47d 96488 7e27ec 26 API calls __cftof 96483->96488 96485->96478 96487->96483 96488->96485 96489->96485 96495 822e7a 96490->96495 96491 7b50f5 40 API calls 96491->96495 96492 822d3b 96492->96293 96492->96311 96493 8228fe 27 API calls 96493->96495 96494 7b511f 64 API calls 96494->96495 96495->96491 96495->96492 96495->96493 96495->96494 96496->96311 96498 7de684 CallCatchBlock 96497->96498 96499 7de6aa 96498->96499 96500 7de695 96498->96500 96501 7de6a5 __wsopen_s 96499->96501 96510 7d918d EnterCriticalSection 96499->96510 96527 7df2d9 20 API calls __dosmaperr 96500->96527 96501->96316 96504 7de69a 96528 7e27ec 26 API calls __cftof 96504->96528 96505 7de6c6 96511 7de602 96505->96511 96508 7de6d1 96529 7de6ee LeaveCriticalSection __fread_nolock 96508->96529 96510->96505 96512 7de60f 96511->96512 96513 7de624 96511->96513 96562 7df2d9 20 API calls __dosmaperr 96512->96562 96525 7de61f 96513->96525 96530 7ddc0b 96513->96530 96515 7de614 96563 7e27ec 26 API calls __cftof 96515->96563 96522 7de646 96547 7e862f 96522->96547 96525->96508 
96526 7e29c8 _free 20 API calls 96526->96525 96527->96504 96528->96501 96529->96501 96531 7ddc23 96530->96531 96535 7ddc1f 96530->96535 96532 7dd955 __fread_nolock 26 API calls 96531->96532 96531->96535 96533 7ddc43 96532->96533 96564 7e59be 62 API calls 4 library calls 96533->96564 96536 7e4d7a 96535->96536 96537 7e4d90 96536->96537 96539 7de640 96536->96539 96538 7e29c8 _free 20 API calls 96537->96538 96537->96539 96538->96539 96540 7dd955 96539->96540 96541 7dd976 96540->96541 96542 7dd961 96540->96542 96541->96522 96565 7df2d9 20 API calls __dosmaperr 96542->96565 96544 7dd966 96566 7e27ec 26 API calls __cftof 96544->96566 96546 7dd971 96546->96522 96548 7e863e 96547->96548 96549 7e8653 96547->96549 96570 7df2c6 20 API calls __dosmaperr 96548->96570 96551 7e868e 96549->96551 96556 7e867a 96549->96556 96572 7df2c6 20 API calls __dosmaperr 96551->96572 96553 7e8643 96571 7df2d9 20 API calls __dosmaperr 96553->96571 96554 7e8693 96573 7df2d9 20 API calls __dosmaperr 96554->96573 96567 7e8607 96556->96567 96559 7e869b 96574 7e27ec 26 API calls __cftof 96559->96574 96560 7de64c 96560->96525 96560->96526 96562->96515 96563->96525 96564->96535 96565->96544 96566->96546 96575 7e8585 96567->96575 96569 7e862b 96569->96560 96570->96553 96571->96560 96572->96554 96573->96559 96574->96560 96576 7e8591 CallCatchBlock 96575->96576 96586 7e5147 EnterCriticalSection 96576->96586 96578 7e859f 96579 7e85c6 96578->96579 96580 7e85d1 96578->96580 96587 7e86ae 96579->96587 96602 7df2d9 20 API calls __dosmaperr 96580->96602 96583 7e85cc 96603 7e85fb LeaveCriticalSection __wsopen_s 96583->96603 96585 7e85ee __wsopen_s 96585->96569 96586->96578 96604 7e53c4 96587->96604 96589 7e86be 96590 7e86c4 96589->96590 96591 7e86f6 96589->96591 96593 7e53c4 __wsopen_s 26 API calls 96589->96593 96617 7e5333 21 API calls 2 library calls 96590->96617 96591->96590 96594 7e53c4 __wsopen_s 26 API calls 96591->96594 96596 7e86ed 96593->96596 96597 7e8702 CloseHandle 96594->96597 96595 7e871c 96598 
7e873e 96595->96598 96618 7df2a3 20 API calls __dosmaperr 96595->96618 96599 7e53c4 __wsopen_s 26 API calls 96596->96599 96597->96590 96600 7e870e GetLastError 96597->96600 96598->96583 96599->96591 96600->96590 96602->96583 96603->96585 96605 7e53e6 96604->96605 96606 7e53d1 96604->96606 96610 7e540b 96605->96610 96621 7df2c6 20 API calls __dosmaperr 96605->96621 96619 7df2c6 20 API calls __dosmaperr 96606->96619 96609 7e53d6 96620 7df2d9 20 API calls __dosmaperr 96609->96620 96610->96589 96611 7e5416 96622 7df2d9 20 API calls __dosmaperr 96611->96622 96614 7e53de 96614->96589 96615 7e541e 96623 7e27ec 26 API calls __cftof 96615->96623 96617->96595 96618->96598 96619->96609 96620->96614 96621->96611 96622->96615 96623->96614 96624 7b3156 96627 7b3170 96624->96627 96628 7b3187 96627->96628 96629 7b31eb 96628->96629 96630 7b318c 96628->96630 96671 7b31e9 96628->96671 96632 7f2dfb 96629->96632 96633 7b31f1 96629->96633 96634 7b3199 96630->96634 96635 7b3265 PostQuitMessage 96630->96635 96631 7b31d0 DefWindowProcW 96636 7b316a 96631->96636 96686 7b18e2 10 API calls 96632->96686 96637 7b31f8 96633->96637 96638 7b321d SetTimer RegisterWindowMessageW 96633->96638 96640 7f2e7c 96634->96640 96641 7b31a4 96634->96641 96635->96636 96642 7f2d9c 96637->96642 96643 7b3201 KillTimer 96637->96643 96638->96636 96645 7b3246 CreatePopupMenu 96638->96645 96699 81bf30 34 API calls ___scrt_fastfail 96640->96699 96646 7b31ae 96641->96646 96647 7f2e68 96641->96647 96649 7f2dd7 MoveWindow 96642->96649 96650 7f2da1 96642->96650 96672 7b30f2 96643->96672 96644 7f2e1c 96687 7ce499 42 API calls 96644->96687 96645->96636 96654 7f2e4d 96646->96654 96655 7b31b9 96646->96655 96676 81c161 96647->96676 96649->96636 96657 7f2da7 96650->96657 96658 7f2dc6 SetFocus 96650->96658 96654->96631 96698 810ad7 22 API calls 96654->96698 96660 7b31c4 96655->96660 96661 7b3253 96655->96661 96656 7f2e8e 96656->96631 96656->96636 96657->96660 96662 7f2db0 96657->96662 96658->96636 96660->96631 96668 7b30f2 
Shell_NotifyIconW 96660->96668 96684 7b326f 44 API calls ___scrt_fastfail 96661->96684 96685 7b18e2 10 API calls 96662->96685 96667 7b3263 96667->96636 96669 7f2e41 96668->96669 96688 7b3837 96669->96688 96671->96631 96673 7b3154 96672->96673 96674 7b3104 ___scrt_fastfail 96672->96674 96683 7b3c50 DeleteObject DestroyWindow 96673->96683 96675 7b3123 Shell_NotifyIconW 96674->96675 96675->96673 96677 81c276 96676->96677 96678 81c179 ___scrt_fastfail 96676->96678 96677->96636 96700 7b3923 96678->96700 96680 81c25f KillTimer SetTimer 96680->96677 96681 81c1a0 96681->96680 96682 81c251 Shell_NotifyIconW 96681->96682 96682->96680 96683->96636 96684->96667 96685->96636 96686->96644 96687->96660 96689 7b3862 ___scrt_fastfail 96688->96689 96730 7b4212 96689->96730 96693 7f3386 Shell_NotifyIconW 96694 7b3906 Shell_NotifyIconW 96695 7b3923 24 API calls 96694->96695 96696 7b391c 96695->96696 96696->96671 96697 7b38e8 96697->96693 96697->96694 96698->96671 96699->96656 96701 7b393f 96700->96701 96702 7b3a13 96700->96702 96722 7b6270 96701->96722 96702->96681 96705 7b395a 96707 7b6b57 22 API calls 96705->96707 96706 7f3393 LoadStringW 96708 7f33ad 96706->96708 96709 7b396f 96707->96709 96716 7b3994 ___scrt_fastfail 96708->96716 96728 7ba8c7 22 API calls __fread_nolock 96708->96728 96710 7f33c9 96709->96710 96711 7b397c 96709->96711 96729 7b6350 22 API calls 96710->96729 96711->96708 96712 7b3986 96711->96712 96727 7b6350 22 API calls 96712->96727 96719 7b39f9 Shell_NotifyIconW 96716->96719 96717 7f33d7 96717->96716 96718 7b33c6 22 API calls 96717->96718 96720 7f33f9 96718->96720 96719->96702 96721 7b33c6 22 API calls 96720->96721 96721->96716 96723 7cfe0b 22 API calls 96722->96723 96724 7b6295 96723->96724 96725 7cfddb 22 API calls 96724->96725 96726 7b394d 96725->96726 96726->96705 96726->96706 96727->96716 96728->96716 96729->96717 96731 7f35a4 96730->96731 96732 7b38b7 96730->96732 96731->96732 96733 7f35ad DestroyIcon 96731->96733 96732->96697 96734 81c874 42 API calls 
_strftime 96732->96734 96733->96732 96734->96697 96735 842a55 96743 821ebc 96735->96743 96738 842a70 96745 8139c0 22 API calls 96738->96745 96739 842a87 96741 842a7c 96746 81417d 22 API calls __fread_nolock 96741->96746 96744 821ec3 IsWindow 96743->96744 96744->96738 96744->96739 96745->96741 96746->96739 96747 7bdea9 96750 7b1e74 96747->96750 96749 7bdeb3 96751 7b1e8b 96750->96751 96752 7b1f6f 348 API calls 96751->96752 96753 7b1eaa 96752->96753 96753->96749 96754 803f75 96765 7cceb1 96754->96765 96756 803f8b 96757 804006 96756->96757 96774 7ce300 23 API calls 96756->96774 96759 7bbf40 348 API calls 96757->96759 96760 804052 96759->96760 96763 804a88 96760->96763 96776 82359c 82 API calls __wsopen_s 96760->96776 96761 803fe6 96761->96760 96775 821abf 22 API calls 96761->96775 96766 7ccebf 96765->96766 96767 7cced2 96765->96767 96768 7baceb 23 API calls 96766->96768 96769 7ccf05 96767->96769 96770 7cced7 96767->96770 96773 7ccec9 96768->96773 96772 7baceb 23 API calls 96769->96772 96771 7cfddb 22 API calls 96770->96771 96771->96773 96772->96773 96773->96756 96774->96761 96775->96757 96776->96763 96777 7b1cad SystemParametersInfoW 96778 7b2de3 96779 7b2df0 __wsopen_s 96778->96779 96780 7b2e09 96779->96780 96781 7f2c2b ___scrt_fastfail 96779->96781 96782 7b3aa2 23 API calls 96780->96782 96783 7f2c47 GetOpenFileNameW 96781->96783 96784 7b2e12 96782->96784 96785 7f2c96 96783->96785 96794 7b2da5 96784->96794 96787 7b6b57 22 API calls 96785->96787 96789 7f2cab 96787->96789 96789->96789 96791 7b2e27 96812 7b44a8 96791->96812 96795 7f1f50 __wsopen_s 96794->96795 96796 7b2db2 GetLongPathNameW 96795->96796 96797 7b6b57 22 API calls 96796->96797 96798 7b2dda 96797->96798 96799 7b3598 96798->96799 96800 7ba961 22 API calls 96799->96800 96801 7b35aa 96800->96801 96802 7b3aa2 23 API calls 96801->96802 96803 7b35b5 96802->96803 96804 7f32eb 96803->96804 96805 7b35c0 96803->96805 96810 7f330d 96804->96810 96847 7cce60 41 API calls 96804->96847 96806 7b515f 22 API calls 
96805->96806 96808 7b35cc 96806->96808 96841 7b35f3 96808->96841 96811 7b35df 96811->96791 96813 7b4ecb 94 API calls 96812->96813 96814 7b44cd 96813->96814 96815 7f3833 96814->96815 96817 7b4ecb 94 API calls 96814->96817 96816 822cf9 80 API calls 96815->96816 96818 7f3848 96816->96818 96819 7b44e1 96817->96819 96820 7f384c 96818->96820 96821 7f3869 96818->96821 96819->96815 96822 7b44e9 96819->96822 96825 7b4f39 68 API calls 96820->96825 96826 7cfe0b 22 API calls 96821->96826 96823 7f3854 96822->96823 96824 7b44f5 96822->96824 96849 81da5a 82 API calls 96823->96849 96848 7b940c 136 API calls 2 library calls 96824->96848 96825->96823 96840 7f38ae 96826->96840 96829 7b2e31 96830 7f3862 96830->96821 96831 7b4f39 68 API calls 96835 7f3a5f 96831->96835 96835->96831 96855 81989b 82 API calls __wsopen_s 96835->96855 96837 7b9cb3 22 API calls 96837->96840 96840->96835 96840->96837 96850 81967e 22 API calls __fread_nolock 96840->96850 96851 8195ad 42 API calls _wcslen 96840->96851 96852 820b5a 22 API calls 96840->96852 96853 7ba4a1 22 API calls __fread_nolock 96840->96853 96854 7b3ff7 22 API calls 96840->96854 96842 7b3605 96841->96842 96846 7b3624 __fread_nolock 96841->96846 96844 7cfe0b 22 API calls 96842->96844 96843 7cfddb 22 API calls 96845 7b363b 96843->96845 96844->96846 96845->96811 96846->96843 96847->96804 96848->96829 96849->96830 96850->96840 96851->96840 96852->96840 96853->96840 96854->96840 96855->96835 96856 7f2ba5 96857 7f2baf 96856->96857 96858 7b2b25 96856->96858 96860 7b3a5a 24 API calls 96857->96860 96884 7b2b83 7 API calls 96858->96884 96862 7f2bb8 96860->96862 96864 7b9cb3 22 API calls 96862->96864 96866 7f2bc6 96864->96866 96865 7b2b2f 96870 7b3837 49 API calls 96865->96870 96876 7b2b44 96865->96876 96867 7f2bce 96866->96867 96868 7f2bf5 96866->96868 96869 7b33c6 22 API calls 96867->96869 96871 7b33c6 22 API calls 96868->96871 96872 7f2bd9 96869->96872 96870->96876 96873 7f2bf1 GetForegroundWindow ShellExecuteW 96871->96873 96888 7b6350 22 API calls 
96872->96888 96879 7f2c26 96873->96879 96877 7b2b5f 96876->96877 96880 7b30f2 Shell_NotifyIconW 96876->96880 96882 7b2b66 SetCurrentDirectoryW 96877->96882 96878 7f2be7 96881 7b33c6 22 API calls 96878->96881 96879->96877 96880->96877 96881->96873 96883 7b2b7a 96882->96883 96889 7b2cd4 7 API calls 96884->96889 96886 7b2b2a 96887 7b2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96886->96887 96887->96865 96888->96878 96889->96886 96890 7e8402 96895 7e81be 96890->96895 96893 7e842a 96900 7e81ef try_get_first_available_module 96895->96900 96897 7e83ee 96914 7e27ec 26 API calls __cftof 96897->96914 96899 7e8343 96899->96893 96907 7f0984 96899->96907 96900->96900 96903 7e8338 96900->96903 96910 7d8e0b 40 API calls 2 library calls 96900->96910 96902 7e838c 96902->96903 96911 7d8e0b 40 API calls 2 library calls 96902->96911 96903->96899 96913 7df2d9 20 API calls __dosmaperr 96903->96913 96905 7e83ab 96905->96903 96912 7d8e0b 40 API calls 2 library calls 96905->96912 96915 7f0081 96907->96915 96909 7f099f 96909->96893 96910->96902 96911->96905 96912->96903 96913->96897 96914->96899 96917 7f008d CallCatchBlock 96915->96917 96916 7f009b 96972 7df2d9 20 API calls __dosmaperr 96916->96972 96917->96916 96919 7f00d4 96917->96919 96926 7f065b 96919->96926 96920 7f00a0 96973 7e27ec 26 API calls __cftof 96920->96973 96924 7f00aa __wsopen_s 96924->96909 96927 7f0678 96926->96927 96928 7f068d 96927->96928 96929 7f06a6 96927->96929 96989 7df2c6 20 API calls __dosmaperr 96928->96989 96975 7e5221 96929->96975 96932 7f0692 96990 7df2d9 20 API calls __dosmaperr 96932->96990 96933 7f06ab 96934 7f06cb 96933->96934 96935 7f06b4 96933->96935 96988 7f039a CreateFileW 96934->96988 96991 7df2c6 20 API calls __dosmaperr 96935->96991 96939 7f06b9 96992 7df2d9 20 API calls __dosmaperr 96939->96992 96940 7f0781 GetFileType 96943 7f078c GetLastError 96940->96943 96944 7f07d3 96940->96944 96942 7f0756 GetLastError 96994 7df2a3 20 API calls __dosmaperr 96942->96994 96995 7df2a3 20 API calls 
__dosmaperr 96943->96995 96997 7e516a 21 API calls 2 library calls 96944->96997 96945 7f0704 96945->96940 96945->96942 96993 7f039a CreateFileW 96945->96993 96949 7f079a CloseHandle 96949->96932 96952 7f07c3 96949->96952 96951 7f0749 96951->96940 96951->96942 96996 7df2d9 20 API calls __dosmaperr 96952->96996 96954 7f07f4 96956 7f0840 96954->96956 96998 7f05ab 72 API calls 3 library calls 96954->96998 96955 7f07c8 96955->96932 96960 7f086d 96956->96960 96999 7f014d 72 API calls 4 library calls 96956->96999 96959 7f0866 96959->96960 96961 7f087e 96959->96961 96962 7e86ae __wsopen_s 29 API calls 96960->96962 96963 7f00f8 96961->96963 96964 7f08fc CloseHandle 96961->96964 96962->96963 96974 7f0121 LeaveCriticalSection __wsopen_s 96963->96974 97000 7f039a CreateFileW 96964->97000 96966 7f0927 96967 7f095d 96966->96967 96968 7f0931 GetLastError 96966->96968 96967->96963 97001 7df2a3 20 API calls __dosmaperr 96968->97001 96970 7f093d 97002 7e5333 21 API calls 2 library calls 96970->97002 96972->96920 96973->96924 96974->96924 96976 7e522d CallCatchBlock 96975->96976 97003 7e2f5e EnterCriticalSection 96976->97003 96978 7e5259 96980 7e5000 __wsopen_s 21 API calls 96978->96980 96983 7e525e 96980->96983 96981 7e52a4 __wsopen_s 96981->96933 96982 7e5234 96982->96978 96984 7e52c7 EnterCriticalSection 96982->96984 96986 7e527b 96982->96986 96983->96986 97007 7e5147 EnterCriticalSection 96983->97007 96985 7e52d4 LeaveCriticalSection 96984->96985 96984->96986 96985->96982 97004 7e532a 96986->97004 96988->96945 96989->96932 96990->96963 96991->96939 96992->96932 96993->96951 96994->96932 96995->96949 96996->96955 96997->96954 96998->96956 96999->96959 97000->96966 97001->96970 97002->96967 97003->96982 97008 7e2fa6 LeaveCriticalSection 97004->97008 97006 7e5331 97006->96981 97007->96986 97008->97006 97009 7f2402 97012 7b1410 97009->97012 97013 7b144f mciSendStringW 97012->97013 97014 7f24b8 DestroyWindow 97012->97014 97015 7b146b 97013->97015 97016 7b16c6 97013->97016 97027 7f24c4 
97014->97027 97017 7b1479 97015->97017 97015->97027 97016->97015 97018 7b16d5 UnregisterHotKey 97016->97018 97045 7b182e 97017->97045 97018->97016 97020 7f2509 97026 7f251c FreeLibrary 97020->97026 97028 7f252d 97020->97028 97021 7f24d8 97021->97027 97051 7b6246 CloseHandle 97021->97051 97022 7f24e2 FindClose 97022->97027 97025 7b148e 97025->97028 97033 7b149c 97025->97033 97026->97020 97027->97020 97027->97021 97027->97022 97029 7f2541 VirtualFree 97028->97029 97036 7b1509 97028->97036 97029->97028 97030 7b14f8 CoUninitialize 97030->97036 97031 7f2589 97038 7f2598 ISource 97031->97038 97052 8232eb 6 API calls ISource 97031->97052 97032 7b1514 97035 7b1524 97032->97035 97033->97030 97049 7b1944 VirtualFreeEx CloseHandle 97035->97049 97036->97031 97036->97032 97041 7f2627 97038->97041 97053 8164d4 22 API calls ISource 97038->97053 97040 7b153a 97040->97038 97042 7b161f 97040->97042 97041->97041 97042->97041 97050 7b1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 97042->97050 97044 7b16c1 97046 7b183b 97045->97046 97047 7b1480 97046->97047 97054 81702a 22 API calls 97046->97054 97047->97020 97047->97025 97049->97040 97050->97044 97051->97021 97052->97031 97053->97038 97054->97046 97055 7b1044 97060 7b10f3 97055->97060 97057 7b104a 97096 7d00a3 29 API calls __onexit 97057->97096 97059 7b1054 97097 7b1398 97060->97097 97064 7b116a 97065 7ba961 22 API calls 97064->97065 97066 7b1174 97065->97066 97067 7ba961 22 API calls 97066->97067 97068 7b117e 97067->97068 97069 7ba961 22 API calls 97068->97069 97070 7b1188 97069->97070 97071 7ba961 22 API calls 97070->97071 97072 7b11c6 97071->97072 97073 7ba961 22 API calls 97072->97073 97074 7b1292 97073->97074 97107 7b171c 97074->97107 97078 7b12c4 97079 7ba961 22 API calls 97078->97079 97080 7b12ce 97079->97080 97081 7c1940 9 API calls 97080->97081 97082 7b12f9 97081->97082 97128 7b1aab 97082->97128 97084 7b1315 97085 7b1325 GetStdHandle 97084->97085 97086 7b137a 97085->97086 97087 7f2485 
97085->97087 97091 7b1387 OleInitialize 97086->97091 97087->97086 97088 7f248e 97087->97088 97089 7cfddb 22 API calls 97088->97089 97090 7f2495 97089->97090 97135 82011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97090->97135 97091->97057 97093 7f249e 97136 820944 CreateThread 97093->97136 97095 7f24aa CloseHandle 97095->97086 97096->97059 97137 7b13f1 97097->97137 97100 7b13f1 22 API calls 97101 7b13d0 97100->97101 97102 7ba961 22 API calls 97101->97102 97103 7b13dc 97102->97103 97104 7b6b57 22 API calls 97103->97104 97105 7b1129 97104->97105 97106 7b1bc3 6 API calls 97105->97106 97106->97064 97108 7ba961 22 API calls 97107->97108 97109 7b172c 97108->97109 97110 7ba961 22 API calls 97109->97110 97111 7b1734 97110->97111 97112 7ba961 22 API calls 97111->97112 97113 7b174f 97112->97113 97114 7cfddb 22 API calls 97113->97114 97115 7b129c 97114->97115 97116 7b1b4a 97115->97116 97117 7b1b58 97116->97117 97118 7ba961 22 API calls 97117->97118 97119 7b1b63 97118->97119 97120 7ba961 22 API calls 97119->97120 97121 7b1b6e 97120->97121 97122 7ba961 22 API calls 97121->97122 97123 7b1b79 97122->97123 97124 7ba961 22 API calls 97123->97124 97125 7b1b84 97124->97125 97126 7cfddb 22 API calls 97125->97126 97127 7b1b96 RegisterWindowMessageW 97126->97127 97127->97078 97129 7b1abb 97128->97129 97130 7f272d 97128->97130 97131 7cfddb 22 API calls 97129->97131 97144 823209 23 API calls 97130->97144 97133 7b1ac3 97131->97133 97133->97084 97134 7f2738 97135->97093 97136->97095 97145 82092a 28 API calls 97136->97145 97138 7ba961 22 API calls 97137->97138 97139 7b13fc 97138->97139 97140 7ba961 22 API calls 97139->97140 97141 7b1404 97140->97141 97142 7ba961 22 API calls 97141->97142 97143 7b13c6 97142->97143 97143->97100 97144->97134

Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 394 7b42de-7b434d call 7ba961 GetVersionExW call 7b6b57 399 7f3617-7f362a 394->399 400 7b4353 394->400 401 7f362b-7f362f 399->401 402 7b4355-7b4357 400->402 403 7f3632-7f363e 401->403 404 7f3631 401->404 405 7b435d-7b43bc call 7b93b2 call 7b37a0 402->405 406 7f3656 402->406 403->401 407 7f3640-7f3642 403->407 404->403 422 7f37df-7f37e6 405->422 423 7b43c2-7b43c4 405->423 410 7f365d-7f3660 406->410 407->402 409 7f3648-7f364f 407->409 409->399 413 7f3651 409->413 414 7b441b-7b4435 GetCurrentProcess IsWow64Process 410->414 415 7f3666-7f36a8 410->415 413->406 417 7b4437 414->417 418 7b4494-7b449a 414->418 415->414 419 7f36ae-7f36b1 415->419 424 7b443d-7b4449 417->424 418->424 420 7f36db-7f36e5 419->420 421 7f36b3-7f36bd 419->421 428 7f36f8-7f3702 420->428 429 7f36e7-7f36f3 420->429 425 7f36bf-7f36c5 421->425 426 7f36ca-7f36d6 421->426 430 7f37e8 422->430 431 7f3806-7f3809 422->431 423->410 427 7b43ca-7b43dd 423->427 432 7b444f-7b445e LoadLibraryA 424->432 433 7f3824-7f3828 GetSystemInfo 424->433 425->414 426->414 434 7b43e3-7b43e5 427->434 435 7f3726-7f372f 427->435 437 7f3715-7f3721 428->437 438 7f3704-7f3710 428->438 429->414 436 7f37ee 430->436 439 7f380b-7f381a 431->439 440 7f37f4-7f37fc 431->440 441 7b449c-7b44a6 GetSystemInfo 432->441 442 7b4460-7b446e GetProcAddress 432->442 444 7b43eb-7b43ee 434->444 445 7f374d-7f3762 434->445 446 7f373c-7f3748 435->446 447 7f3731-7f3737 435->447 436->440 437->414 438->414 439->436 448 7f381c-7f3822 439->448 440->431 443 7b4476-7b4478 441->443 442->441 449 7b4470-7b4474 GetNativeSystemInfo 442->449 454 7b447a-7b447b FreeLibrary 443->454 455 7b4481-7b4493 443->455 450 7f3791-7f3794 444->450 451 7b43f4-7b440f 444->451 452 7f376f-7f377b 445->452 453 
7f3764-7f376a 445->453 446->414 447->414 448->440 449->443 450->414 456 7f379a-7f37c1 450->456 457 7b4415 451->457 458 7f3780-7f378c 451->458 452->414 453->414 454->455 459 7f37ce-7f37da 456->459 460 7f37c3-7f37c9 456->460 457->414 458->414 459->414 460->414
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetVersionExW.KERNEL32(?), ref: 007B430D
                                                                                                                                                                                                                                                                            • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,0084CB64,00000000,?,?), ref: 007B4422
                                                                                                                                                                                                                                                                          • IsWow64Process.KERNEL32(00000000,?,?), ref: 007B4429
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 007B4454
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007B4466
                                                                                                                                                                                                                                                                          • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 007B4474
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 007B447B
                                                                                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?,?,?), ref: 007B44A0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                          • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                          • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                          • Opcode ID: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
                                                                                                                                                                                                                                                                          • Instruction ID: 61ec2583f1aaf40ba2d2d5b8f74cc5127ade140d97c6b80256baa2f274d974ae
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7A1737690A2C4DFCF12D76D7C8D6E67FAC7B26740B184899D18193B23DE6C460ACB21

Control-flow Graph

[Control-flow graph image not preserved; legend: Executed, Not Executed]

APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42C9
• LoadResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35BE
• SizeofResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35D3
• LockResource.KERNEL32(007B50AA,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20,?), ref: 007F35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
• Instruction ID: 9dc274f03fe5e6c1ad48d25770722103672931bd6b9fee83b357adfcf5360853
• Opcode Fuzzy Hash: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
• Instruction Fuzzy Hash: 41117C75201700BFEB218FA5DC49FA77BBDFBC6B51F104169B412D6260DBB1D800D620

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B
  • Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78
  • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00872224), ref: 007F2C10
• ShellExecuteW.SHELL32(00000000,?,?,00872224), ref: 007F2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
• Instruction ID: 7ac80b73e449079be8b94949505e84ee727149f2b9ca01b8cbae699e9eb4802c
• Opcode Fuzzy Hash: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
• Instruction Fuzzy Hash: 1611D571209305EAC704FF60D859BEEBBA9AB91700F44042DF256431A3DF2C898AC712

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
                                                                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
                                                                                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 0081D52F
                                                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 0081D5DC
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 420147892-0

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,007F5222), ref: 0081DBCE
                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 0081DBDD
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0081DBEE
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0081DBFA
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D09
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D10
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 007D4D22
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1703294689-0

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083B198
                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1B0
                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1D4
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083B200
                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B214
                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B236
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083B332
                                                                                                                                                                                                                                                                            • Part of subcall function 008205A7: GetStdHandle.KERNEL32(000000F6), ref: 008205C6
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083B34B
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083B366
                                                                                                                                                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0083B3B6
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 0083B407
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0083B439
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0083B44A
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0083B45C
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0083B46E
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0083B4E3
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                          • Opcode ID: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
                                                                                                                                                                                                                                                                          • Instruction ID: bfba125c42c2d90b8d22faba33be38814aadcdcf8a012eabf3d6b031a481c1b6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9F17871608200DFC724EF24C895B6ABBE5FF85314F14855DF99A8B2A2DB35EC40CB92
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Sleep$InputStateTimetime
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2764417729-0
                                                                                                                                                                                                                                                                          • Opcode ID: 07e39501b93489dc62009f10698ffdc086f9049a93e99ea6db036c119962b45f
                                                                                                                                                                                                                                                                          • Instruction ID: 4125d85a3dc46137871eff63ddfb2b394bf8149a8ea515fa9fc83bf85e5de62c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07e39501b93489dc62009f10698ffdc086f9049a93e99ea6db036c119962b45f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6342F170608241DFDB78CF28C898BAABBA5FF45314F14855DE456C7291EBB8EC44CB92

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 007B2D07
                                                                                                                                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 007B2D31
                                                                                                                                                                                                                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
                                                                                                                                                                                                                                                                          • InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
                                                                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A9), ref: 007B2D85
                                                                                                                                                                                                                                                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                          • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                          • Opcode ID: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
                                                                                                                                                                                                                                                                          • Instruction ID: 8879d03ee50ffe2237a71d7ec4411db2416d1c514cb5eaa59a6f2174bf05b97b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F421BFB5912318AFDF40DFA8EC89BDDBFB8FB09700F00811AE611A62A0DBB55545CF91

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007F039A: CreateFileW.KERNELBASE(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007F076F
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007F0776
                                                                                                                                                                                                                                                                          • GetFileType.KERNELBASE(00000000), ref: 007F0782
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007F078C
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007F0795
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 007F07B5
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 007F08FF
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007F0931
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007F0938
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                                                          • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                          • Opcode ID: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
                                                                                                                                                                                                                                                                          • Instruction ID: 8a588d23177dece8688b7e48c3c2da8e2802d26e9bc10e0f19c3715b25a87639
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00A12136A001088FDF19EF68D855BBE7BA0AB06320F14419EF9159F3D2DB399912CB91

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007B3379
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007B356A
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007F318D
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007F31CE
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 007F3210
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007F3277
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007F3286
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                          • API String ID: 98802146-2727554177

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 007B2B8E
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 007B2B9D
                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 007B2BB3
                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A4), ref: 007B2BC5
                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A2), ref: 007B2BD7
                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007B2BEF
                                                                                                                                                                                                                                                                          • RegisterClassExW.USER32(?), ref: 007B2C40
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2CD4: GetSysColorBrush.USER32(0000000F), ref: 007B2D07
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2CD4: RegisterClassExW.USER32(00000030), ref: 007B2D31
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2CD4: InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2CD4: LoadIconW.USER32(000000A9), ref: 007B2D85
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                          • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                          • API String ID: 423443420-4155596026

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,007B316A,?,?), ref: 007B31D8
                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?,?,?,?,007B316A,?,?), ref: 007B3204
                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007B3227
                                                                                                                                                                                                                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,007B316A,?,?), ref: 007B3232
                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 007B3246
                                                                                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 007B3267
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                          • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                          • API String ID: 129472671-2362178303

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007B1459
                                                                                                                                                                                                                                                                          • CoUninitialize.COMBASE ref: 007B14F8
                                                                                                                                                                                                                                                                          • UnregisterHotKey.USER32(?), ref: 007B16DD
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 007F24B9
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 007F251E
                                                                                                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 007F254B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                          • String ID: close all
                                                                                                                                                                                                                                                                          • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                          • Opcode ID: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
                                                                                                                                                                                                                                                                          • Instruction ID: cc7d8b2197844ac0e58605ec304b2ea3c3872b41510639b8d0aa08ce5ba6b43c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D15E31702212DFCB29DF14C4A9B69F7A5BF05700F9441ADE54AAB352DB38AD22CF51

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 808 7b2c63-7b2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007B2C91
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007B2CB2
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CC6
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CCF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                          • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                          • Opcode ID: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
                                                                                                                                                                                                                                                                          • Instruction ID: 60fda538a2e8d333e4d7b47389421d17f7ca04c3680a8707d71cbaa5833db533
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43F0DA755413947AEB71171BAC0CEB72EBDF7C7F50B00005AF900A26A0CA791852DBB0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 959 7b3b1c-7b3b27 960 7b3b99-7b3b9b 959->960 961 7b3b29-7b3b2e 959->961 962 7b3b8c-7b3b8f 960->962 961->960 963 7b3b30-7b3b48 RegOpenKeyExW 961->963 963->960 964 7b3b4a-7b3b69 RegQueryValueExW 963->964 965 7b3b6b-7b3b76 964->965 966 7b3b80-7b3b8b RegCloseKey 964->966 967 7b3b78-7b3b7a 965->967 968 7b3b90-7b3b97 965->968 966->962 969 7b3b7e 967->969 968->969 969->966
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B40
                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B61
                                                                                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B83
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                          • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                          • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                          • Opcode ID: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
                                                                                                                                                                                                                                                                          • Instruction ID: 9d38b0f5344b554f51f5e0ab528a7cd7a5a17e3e46a56bf46c7cab4f0add6402
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63112AB5511208FFDB208FA5DC44AEFB7BCEF05744B104559A805D7114E6359E809760
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007F33A2
                                                                                                                                                                                                                                                                            • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B3A04
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                          • String ID: Line:
                                                                                                                                                                                                                                                                          • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                          • Opcode ID: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
                                                                                                                                                                                                                                                                          • Instruction ID: c2d9a5d3c2a3724d77f4dce91b8d5b7178161273fced04ebf02d287a016a00d4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8831A571408304AAD725EB14DC49BEBB7ECBF40714F10451AF59993291EF7CAA89C7C2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 007D0668
                                                                                                                                                                                                                                                                            • Part of subcall function 007D32A4: RaiseException.KERNEL32(?,?,?,007D068A,?,00881444,?,?,?,?,?,?,007D068A,007B1129,00878738,007B1129), ref: 007D3304
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 007D0685
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                                                                                                          • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                          • Opcode ID: 1b916e7b150b9fe86b26d457ef1e31c6348c94ded555e2787d1db855c06a2be8
                                                                                                                                                                                                                                                                          • Instruction ID: 2ba0eed18da7c6e991da94069f5c0a75968269e1c7b7ba0a096af79c6d66e1cc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b916e7b150b9fe86b26d457ef1e31c6348c94ded555e2787d1db855c06a2be8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27F0F42490020DF38B04B664E84EE5D777CAE00350B60803AB929D6795EF38EA2585C0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
                                                                                                                                                                                                                                                                            • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
                                                                                                                                                                                                                                                                            • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
                                                                                                                                                                                                                                                                            • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
                                                                                                                                                                                                                                                                            • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
                                                                                                                                                                                                                                                                            • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22
                                                                                                                                                                                                                                                                            • Part of subcall function 007B1B4A: RegisterWindowMessageW.USER32(00000004,?,007B12C4), ref: 007B1BA2
                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007B136A
                                                                                                                                                                                                                                                                          • OleInitialize.OLE32 ref: 007B1388
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 007F24AB
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                          • Opcode ID: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
                                                                                                                                                                                                                                                                          • Instruction ID: 2a8378fe63216dd94af72982eb9a9d8d69743d40b6effe0dad25e46b102256fe
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1871A7B49122009ECB84EFBDE95EA953AEDFB88344794823AD10AC7262EF344447CF45
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B3A04
                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0081C259
                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?), ref: 0081C261
                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0081C270
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                          • Opcode ID: 964d78b3f0c26f7d178fcfe11abdc4de4b65d45201251040ef2b621ed2325d75
                                                                                                                                                                                                                                                                          • Instruction ID: 90a0d2653d503d4944459ea0177ef50b17e8cbcacc58fcd4569eec99e69304b6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964d78b3f0c26f7d178fcfe11abdc4de4b65d45201251040ef2b621ed2325d75
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1318170944344AFEB629F648859BEABBECFF16308F00049AD59AD7241C7746AC5CB51
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,007E85CC,?,00878CC8,0000000C), ref: 007E8704
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,007E85CC,?,00878CC8,0000000C), ref: 007E870E
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007E8739
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 007BDB7B
                                                                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 007BDB89
                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007BDB9F
                                                                                                                                                                                                                                                                          • Sleep.KERNELBASE(0000000A), ref: 007BDBB1
                                                                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 00801CC9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 007C17F6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                          • String ID: CALL
                                                                                                                                                                                                                                                                          • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetOpenFileNameW.COMDLG32(?), ref: 007F2C8C
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                                                                                                                                                                                                                            • Part of subcall function 007B2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007B2DC4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                          • String ID: X
                                                                                                                                                                                                                                                                          • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • timeGetTime.WINMM ref: 007CF661
                                                                                                                                                                                                                                                                            • Part of subcall function 007BD730: GetInputState.USER32 ref: 007BD807
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0080F2DE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
                                                                                                                                                                                                                                                                            • Part of subcall function 007B4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
                                                                                                                                                                                                                                                                            • Part of subcall function 007B4E90: FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EFD
                                                                                                                                                                                                                                                                            • Part of subcall function 007B4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
                                                                                                                                                                                                                                                                            • Part of subcall function 007B4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
                                                                                                                                                                                                                                                                            • Part of subcall function 007B4E59: FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007E4C7D: RtlAllocateHeap.NTDLL(00000008,007B1129,00000000,?,007E2E29,00000001,00000364,?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?), ref: 007E4CBE
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E506C
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 614378929-0
APIs
• RtlAllocateHeap.NTDLL(00000008,007B1129,00000000,?,007E2E29,00000001,00000364,?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?), ref: 007E4CBE
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4F6D
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00842A66
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007B2DC4
                                                                                                                                                                                                                                                                            • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 541455249-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908
                                                                                                                                                                                                                                                                            • Part of subcall function 007BD730: GetInputState.USER32 ref: 007BD807
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B
                                                                                                                                                                                                                                                                            • Part of subcall function 007B30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 007B1CBC
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3098949447-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0084961A
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0084965B
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0084969F
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008496C9
                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 008496F2
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 0084978B
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000009), ref: 00849798
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008497AE
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 008497B8
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008497E9
                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00849810
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001030,?,00847E95), ref: 00849918
                                                                                                                                                                                                                                                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0084992E
                                                                                                                                                                                                                                                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00849941
                                                                                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 0084994A
                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 008499AF
                                                                                                                                                                                                                                                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008499BC
                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008499D6
                                                                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 008499E1
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00849A19
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00849A26
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00849A80
                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00849AAE
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00849AEB
                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00849B1A
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00849B3B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00849B4A
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00849B68
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00849B75
                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00849B93
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00849BFA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00849C2B
                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00849C84
                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00849CB4
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00849CDE
                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00849D01
                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00849D4E
                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00849D82
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00849E05
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                          • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                          • Opcode ID: 1e8a45da8b3bab601a96c25d6e683745d0a36805c0cca96be036a90e457de754
                                                                                                                                                                                                                                                                          • Instruction ID: a2b2a6dc32ec33dfe7574b9e76dc95a8f42d96c71219bd29a2cc688098abe6ca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e8a45da8b3bab601a96c25d6e683745d0a36805c0cca96be036a90e457de754
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E427834204209AFDB60CF68CC88EABBBE9FF59314F114619F699C72A1E731A850CF51
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008448F3
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00844908
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00844927
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0084494B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0084495C
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0084497B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008449AE
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008449D4
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00844A0F
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A56
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A7E
                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00844A97
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844AF2
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844B20
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00844B94
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00844BE3
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00844C82
                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00844CAE
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844CC9
                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00844CF1
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00844D13
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844D33
                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00844D5A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                          • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                          • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                          • Opcode ID: c7001fa924dbed8776ac438ab7a34a32543d59433d6359c4e68698e4f511d6c6
                                                                                                                                                                                                                                                                          • Instruction ID: 2d76dbcbfb1c467eaede8a8a6eebf3288cd8e3f7bdd12fba6de3ce3e65db71d8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7001fa924dbed8776ac438ab7a34a32543d59433d6359c4e68698e4f511d6c6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B12ED71A00618ABEB249F28CC49FAE7BF8FF45714F105129F916EB2E1DB789941CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 007CF998
                                                                                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0080F474
                                                                                                                                                                                                                                                                          • IsIconic.USER32(00000000), ref: 0080F47D
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000009), ref: 0080F48A
                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0080F494
                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4AA
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0080F4B1
                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4BD
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4CE
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4D6
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0080F4DE
                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0080F4E1
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F4F6
                                                                                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0080F501
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F50B
                                                                                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0080F510
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F519
                                                                                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0080F51E
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F528
                                                                                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0080F52D
                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0080F530
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0080F557
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                          • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
                                                                                                                                                                                                                                                                            • Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
                                                                                                                                                                                                                                                                            • Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A
                                                                                                                                                                                                                                                                          • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00811286
                                                                                                                                                                                                                                                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008112A8
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 008112B9
                                                                                                                                                                                                                                                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008112D1
                                                                                                                                                                                                                                                                          • GetProcessWindowStation.USER32 ref: 008112EA
                                                                                                                                                                                                                                                                          • SetProcessWindowStation.USER32(00000000), ref: 008112F4
                                                                                                                                                                                                                                                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00811310
                                                                                                                                                                                                                                                                            • Part of subcall function 008110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
                                                                                                                                                                                                                                                                            • Part of subcall function 008110BF: CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                          • String ID: $default$winsta0
                                                                                                                                                                                                                                                                          • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D
                                                                                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810BCC
                                                                                                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810C00
                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00810C17
                                                                                                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00810C51
                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810C6D
                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00810C84
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810C8C
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00810C93
                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810CB4
                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00810CBB
                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810CEA
                                                                                                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810D0C
                                                                                                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810D1E
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D45
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810D4C
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D55
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810D5C
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D65
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810D6C
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00810D78
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810D7F
                                                                                                                                                                                                                                                                            • Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
                                                                                                                                                                                                                                                                            • Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
                                                                                                                                                                                                                                                                            • Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                          • Opcode ID: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
                                                                                                                                                                                                                                                                          • Instruction ID: 8b09cbb75c6769ae384a2d5dc96db1eb726c9f5735e92be48380aaf8011057e9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4715CB690120AABDF10DFA4EC48BEEBBBCFF05300F144615E915E6191D7B5A985CFA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • OpenClipboard.USER32(0084CC08), ref: 0082EB29
                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 0082EB37
                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 0082EB43
                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0082EB4F
                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0082EB87
                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0082EB91
                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0082EBBC
                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 0082EBC9
                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 0082EBD1
                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0082EBE2
                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0082EC22
                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 0082EC38
                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000F), ref: 0082EC44
                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0082EC55
                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0082EC77
                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082EC94
                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082ECD2
                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0082ECF3
                                                                                                                                                                                                                                                                          • CountClipboardFormats.USER32 ref: 0082ED14
                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0082ED59
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 420908878-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
                                                                                                                                                                                                                                                                          • Instruction ID: 70d26ad48a605bd91c8d96eeaf04639676e02377722b521ce965b4de1a8722eb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C61EE38204301AFD300EF24E888F6ABBA8FF85714F14441DF956D72A2CB75E985CB66
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 008269BE
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00826A12
                                                                                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A4E
                                                                                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A75
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00826AB2
                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00826ADF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                          • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                          • Opcode ID: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
                                                                                                                                                                                                                                                                          • Instruction ID: ed90acc4aeb2a21a10b72b3fc399f026b19da73d77c2113dcdb23d7b4317ce26
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FCD15172508350EFC314EBA4D885EABB7ECBF88704F04491DF699D6191EB78DA44CB62
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00829663
                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 008296A1
                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,?), ref: 008296BB
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 008296D3
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 008296DE
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 008296FA
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 0082974A
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 00829768
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00829772
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0082977F
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0082978F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                          • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 008297BE
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00829819
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00829824
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00829840
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00829890
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 008298AE
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 008298B8
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 008298C5
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 008298D5
                                                                                                                                                                                                                                                                            • Part of subcall function 0081DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0081DB00
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                          • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BF3E
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0083BFA9
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0083BFCD
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0083C02C
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0083C0E7
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C154
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C1E9
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0083C23A
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C2E3
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083C382
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0083C38F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00828257
                                                                                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00828267
                                                                                                                                                                                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00828273
                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00828310
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00828324
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00828356
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0082838C
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00828395
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                          • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                                                                                                                                                                                                                            • Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0081D122
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0081D1DD
                                                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0081D1F0
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D20D
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D237
                                                                                                                                                                                                                                                                            • Part of subcall function 0081D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0081D21C,?,?), ref: 0081D2B2
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?,?), ref: 0081D253
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0081D264
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                          • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
                                                                                                                                                                                                                                                                            • Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
                                                                                                                                                                                                                                                                            • Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A
                                                                                                                                                                                                                                                                          • ExitWindowsEx.USER32(?,00000000), ref: 0081E932
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                          • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                          • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00831276
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00831283
                                                                                                                                                                                                                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 008312BA
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 008312C5
                                                                                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 008312F4
                                                                                                                                                                                                                                                                          • listen.WSOCK32(00000000,00000005), ref: 00831303
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 0083130D
                                                                                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 0083133C
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 540024437-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                                                                                                                                                                                                                            • Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0081D420
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D470
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D481
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0081D498
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0081D4A1
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                          • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008264DC
                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00826639
                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 00826650
                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 008268D4
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                                                                                          • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 008322E8
                                                                                                                                                                                                                                                                            • Part of subcall function 0082E4EC: GetWindowRect.USER32(?,?), ref: 0082E504
                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00832312
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00832319
                                                                                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00832355
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00832381
                                                                                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008323DF
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00829B78
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00829C8B
                                                                                                                                                                                                                                                                            • Part of subcall function 00823874: GetInputState.USER32 ref: 008238CB
                                                                                                                                                                                                                                                                            • Part of subcall function 00823874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00829BA8
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00829C75
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                          • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                          • Opcode ID: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
                                                                                                                                                                                                                                                                          • Instruction ID: 4a4664865148f167111ad4607857d5179e4b70d8b033192ae8a2877702140989
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F418E7190021AAFDF55DF64D889AEEBBB8FF05310F24405AE855E2291EB349E84CF60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,?,?,?,?), ref: 007C9A4E
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 007C9B23
                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 007C9B36
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                          • Opcode ID: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
                                                                                                                                                                                                                                                                          • Instruction ID: 250f5027b649dc180fd2d61af20620e28a309c606707483054bb19aef8032d35
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27A127B1609444BEE7B5AA2C8C4DF7F2B9DFB42340B15811DF212D66D1CA29AD01D376
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0083304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
                                                                                                                                                                                                                                                                            • Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B
                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0083185D
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00831884
                                                                                                                                                                                                                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 008318DB
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 008318E6
                                                                                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 00831915
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                          • Opcode ID: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
                                                                                                                                                                                                                                                                          • Instruction ID: 908772a10ccc822ab6519cbdc44b03cba4dc68ec11ef0de54987b4f9a4fd0b4f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC519175A00200AFDB10AF24C88AF6A77E5EB85718F08849CF9069F393C775AD41CBE1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 292994002-0
                                                                                                                                                                                                                                                                          • Opcode ID: 716cb61c310a0ad807ee8350c4dca7c35c17c788fdd8c4be80fbe240df94a740
                                                                                                                                                                                                                                                                          • Instruction ID: b6cf2a1207dfd86d62ba0327f0e5ecbda89ab54a4ea887ae4226030dd16777e2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 716cb61c310a0ad807ee8350c4dca7c35c17c788fdd8c4be80fbe240df94a740
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C21D3317412159FDB208F1ADC88B6A7BE9FF95315B198058E84ACB351C775DC82CB90
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                          • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0081AAAC
                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(00000080), ref: 0081AAC8
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0081AB36
                                                                                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0081AB88
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EBB7F
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32 ref: 007EBB91
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC09
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,?,00881270,000000FF,?,0000003F,?,?,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC36
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 806657224-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 0082CE89
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 0082CEEA
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000), ref: 0082CEFE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 234945975-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 008182AA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                                                                                                          • String ID: ($|
                                                                                                                                                                                                                                                                          • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00825CC1
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00825D17
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00825D5F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 007E271A
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007E2724
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 007E2731
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 008251DA
                                                                                                                                                                                                                                                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00825238
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 008252A1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0668
                                                                                                                                                                                                                                                                            • Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0685
                                                                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
                                                                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0081174A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 577356006-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D608
                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0081D645
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D650
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 33631002-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0081168C
                                                                                                                                                                                                                                                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008116A1
                                                                                                                                                                                                                                                                          • FreeSid.ADVAPI32(?), ref: 008116B1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetUserNameW.ADVAPI32(?,?), ref: 0080D28C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                                                                                                          • String ID: X64
                                                                                                                                                                                                                                                                          • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00826918
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00826961
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237E4
                                                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237F4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                          • Opcode ID: bf92905cec17bc47c5f5f396646061b3c8abd7085f8e20571bffa2964c115564
                                                                                                                                                                                                                                                                          • Instruction ID: 0240b8c5be96d6e16e1d173495479ba12d2fcb4ac3bf872b37bc19bf9cff9491
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf92905cec17bc47c5f5f396646061b3c8abd7085f8e20571bffa2964c115564
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CF0E5B46052286BEB6017B69C4DFEB3AAEFFC5761F000275F609D2291D9A09944C6B0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0081B25D
                                                                                                                                                                                                                                                                          • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0081B270
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5db047f0597291159f2de79dea8ca5d0c18c9bf2f3ff2f60f4c04fb9cef8336a
                                                                                                                                                                                                                                                                          • Instruction ID: 7c6ee300b6d925419e4cad1608e8953ad65c99901dd41ff6ae06468f9a391c97
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5db047f0597291159f2de79dea8ca5d0c18c9bf2f3ff2f60f4c04fb9cef8336a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44F01D7590424DABDB159FA4C805BEE7BB4FF05309F008009F955E6191C3798655DF94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 81990902-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8acd8b9fe8228e3fbe09e7bb375cd6c6e21ee067118e2a098458220658e6f66a
                                                                                                                                                                                                                                                                          • Instruction ID: da4ea6254f5ed1069c50aabcededfb4646f32e9f73926cff854c1498d39e5e1c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8acd8b9fe8228e3fbe09e7bb375cd6c6e21ee067118e2a098458220658e6f66a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1E0BF76115A10EEE7652F51FC09F7777ADFF05310B14882EF5A6804B1DB626C90DB50
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Variable is not of type 'Object'., xrefs: 00800C40
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                          • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                          • Opcode ID: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
                                                                                                                                                                                                                                                                          • Instruction ID: 24e2820227c6b8a1d3c4fdf88ff481ce9e6762616b0c1629da2b38e240bfb3cc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C329C74A00218DFDF15DF94C895BEDBBB5FF05304F248069E806AB292DB79AE45CB60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007E6766,?,?,00000008,?,?,007EFEFE,00000000), ref: 007E6998
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
                                                                                                                                                                                                                                                                          • Instruction ID: 3afdcb59fc3100b23658443fa656ca690f740d629dd42764941fd857d91f3ac1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5B169716116488FD719CF29C48AB647BE0FF193A4F25C65CE899CF2A2C339E981CB40
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • BlockInput.USER32(00000001), ref: 0082EABD
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007D03EE), ref: 007D09DA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                          • Instruction ID: 524fc1e03a5d6f68f95409f4f15ad6012ac6d82fca642812d005cce6c09e7a18
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E451677260C7459BDB3C856888AE7BE67B99B52300F18050BD886DB382F61DEE41E356
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: cf789f8af10a6d13a9d3ec2a9702d2ad4439d26ada26f9f74d990df3287c30cc
                                                                                                                                                                                                                                                                          • Instruction ID: ba2920f483475723c66805b7642280a74f2461043f9b3179ad6762511c073cda
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf789f8af10a6d13a9d3ec2a9702d2ad4439d26ada26f9f74d990df3287c30cc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05322322D2AF814DD7279635D8223356259BFBB3C6F14D737E81AB59A6EF2DC4838100
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3fb6ebf565cb25174ace8702e73a4b02b6677d437b689461c7150179e2648bd8
                                                                                                                                                                                                                                                                          • Instruction ID: fd448adea62279b9153319ff48474851b6d5eaa88ec86510d29cbf7b4d251a43
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fb6ebf565cb25174ace8702e73a4b02b6677d437b689461c7150179e2648bd8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51320232A041198BDF79CF29C894B7D7BA1FB45314F28826ED89ACB2D1D234DD81DB51
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 521293262bbeafdb4d815ac79e479a4abd26691d79e3c04132e44ab9c30885a2
                                                                                                                                                                                                                                                                          • Instruction ID: da360f733b950ba6777d4032e7b28461b65de1e4ef6be1d49fea559222a024f3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 521293262bbeafdb4d815ac79e479a4abd26691d79e3c04132e44ab9c30885a2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A228EB0A04609DFDF14DF68D885BEEB7B6FF44300F204529E916AB391EB39A951CB50
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 33de26385668d8461dce66500748765c2dd9077ae83f088181d613008c4f1d72
                                                                                                                                                                                                                                                                          • Instruction ID: 477fbd10c624b78aaea92dedf39f93e414dec230005efe4a9c4e0056ba7d6ba4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33de26385668d8461dce66500748765c2dd9077ae83f088181d613008c4f1d72
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E02A7B1E00209EBDB14DF64D885BBDB7B5FF44300F108169EA169B3A1EB39DA50DB91
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: fcf81f42ef7b0397818b8064c40af0fdcf99f19b227230f2396317225a808119
                                                                                                                                                                                                                                                                          • Instruction ID: 9369cbbd8c18c3eef5974c26225465263018a679ea9a2286a9b3b2376b0af720
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcf81f42ef7b0397818b8064c40af0fdcf99f19b227230f2396317225a808119
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31B1F020D2AF414DC62396399831336B75CBFBB6D6F91D31BFC2674E22EB2686834140
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                          • Instruction ID: ad58c1e606bf26f58a887eac6606d20549147af21a86469759dc06de5e240761
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B79176722090E35ADB29463E857403EFFF15A923A235A079FD4F2CA3C5FE28D954D620
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                          • Instruction ID: 8f2028f9bc27fce677bd02f5cf124f41e5b8e23481cceb1df10d1fc05fd0e4d0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E9169722090E349DB6D4339857403DFFF15AA23A131A479FE4F2CB2C6EE29D556D620
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00832B30
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00832B43
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00832B52
                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00832B6D
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00832B74
                                                                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00832CA3
                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00832CB1
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832CF8
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00832D04
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00832D40
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D62
                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D75
                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D80
                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00832D89
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D98
                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00832DA1
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DA8
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00832DB3
                                                                                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DC5
                                                                                                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,0084FC38,00000000), ref: 00832DDB
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00832DEB
                                                                                                                                                                                                                                                                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00832E11
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00832E30
                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832E52
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0083303F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                          • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 0084712F
                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00847160
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0084716C
                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,000000FF), ref: 00847186
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00847195
                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 008471C0
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 008471C8
                                                                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 008471CF
                                                                                                                                                                                                                                                                          • FrameRect.USER32(?,?,00000000), ref: 008471DE
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 008471E5
                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 00847230
                                                                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 00847262
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00847284
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: GetSysColor.USER32(00000012), ref: 00847421
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: SetTextColor.GDI32(?,?), ref: 00847425
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: GetSysColorBrush.USER32(0000000F), ref: 0084743B
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: GetSysColor.USER32(0000000F), ref: 00847446
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: GetSysColor.USER32(00000011), ref: 00847463
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: SelectObject.GDI32(?,00000000), ref: 00847482
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: SetBkColor.GDI32(?,00000000), ref: 0084748B
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: SelectObject.GDI32(?,?), ref: 00847498
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
                                                                                                                                                                                                                                                                            • Part of subcall function 008473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?), ref: 007C8E14
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 00806AC5
                                                                                                                                                                                                                                                                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00806AFE
                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00806F43
                                                                                                                                                                                                                                                                            • Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001053), ref: 00806F7F
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00806F96
                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FAC
                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FB7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000), ref: 0083273E
                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0083286A
                                                                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008328A9
                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008328B9
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00832900
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 0083290C
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00832955
                                                                                                                                                                                                                                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00832964
                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00832974
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00832978
                                                                                                                                                                                                                                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00832988
                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00832991
                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0083299A
                                                                                                                                                                                                                                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008329C6
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 008329DD
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00832A1D
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00832A31
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 00832A42
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00832A77
                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00832A82
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00832A8D
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00832A97
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                          • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                          • Opcode ID: 42f6ab8db8f57951d15bfa8142149586d7703f832eb4af3d780732a282b74bc1
                                                                                                                                                                                                                                                                          • Instruction ID: e3b379803e14e7dd318039e1bb2d1dc92b6d133347857f5bce554b731aef1237
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42f6ab8db8f57951d15bfa8142149586d7703f832eb4af3d780732a282b74bc1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3B16C75A00219AFEB14DFA8CC4AFAE7BA9FB48714F008514F915E7290DB74ED40CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00824AED
                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,0084CB68,?,\\.\,0084CC08), ref: 00824BCA
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,0084CB68,?,\\.\,0084CC08), ref: 00824D36
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                          • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                          • Opcode ID: 57628564f60d5b832ac0b273d8f380e5ed4549c85789049cedcb031ef6817ec2
                                                                                                                                                                                                                                                                          • Instruction ID: 71ac7bcd1eace9da5b23383f833b7ba123e9ec81be9bf7a821a97e2da5ada5ee
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57628564f60d5b832ac0b273d8f380e5ed4549c85789049cedcb031ef6817ec2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE610630601619DBCB14DF68DA85DAC7BA0FF44304B249016F81AEB396EB3ADDD1DB61
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 00847421
                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 00847425
                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0084743B
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00847446
                                                                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(?), ref: 0084744B
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 00847463
                                                                                                                                                                                                                                                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00847482
                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 0084748B
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00847498
                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
                                                                                                                                                                                                                                                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0084752A
                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00847554
                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 00847572
                                                                                                                                                                                                                                                                          • DrawFocusRect.USER32(?,?), ref: 0084757D
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 0084758E
                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00847596
                                                                                                                                                                                                                                                                          • DrawTextW.USER32(?,008470F5,000000FF,?,00000000), ref: 008475A8
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 008475BF
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 008475CA
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 008475D0
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 008475D5
                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 008475DB
                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 008475E5
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00841128
                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0084113D
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00841144
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00841199
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 008411B9
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008411ED
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0084120B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0084121D
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 00841232
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00841245
                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 008412A1
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008412BC
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008412D0
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 008412E8
                                                                                                                                                                                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 0084130E
                                                                                                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00841328
                                                                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 0084133F
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 008413AA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                          • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                          • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 008402E5
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0084031F
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00840389
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008403F1
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00840475
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 008404C5
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00840504
                                                                                                                                                                                                                                                                            • Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD
                                                                                                                                                                                                                                                                            • Part of subcall function 0081223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00812258
                                                                                                                                                                                                                                                                            • Part of subcall function 0081223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0081228A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                          • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C8968
                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000007), ref: 007C8970
                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C899B
                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000008), ref: 007C89A3
                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 007C89C8
                                                                                                                                                                                                                                                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007C89E5
                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007C89F5
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007C8A28
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007C8A3C
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,000000FF), ref: 007C8A5A
                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 007C8A76
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 007C8A81
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: GetCursorPos.USER32(?), ref: 007C9141
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: ScreenToClient.USER32(00000000,?), ref: 007C915E
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000001), ref: 007C9183
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000002), ref: 007C919D
                                                                                                                                                                                                                                                                          • SetTimer.USER32(00000000,00000000,00000028,007C90FC), ref: 007C8AA8
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                          • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                          • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
                                                                                                                                                                                                                                                                            • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D
                                                                                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810DF5
                                                                                                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810E29
                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00810E40
                                                                                                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00810E7A
                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810E96
                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00810EAD
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810EB5
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00810EBC
                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810EDD
                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00810EE4
                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810F13
                                                                                                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810F35
                                                                                                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810F47
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F6E
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810F75
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F7E
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810F85
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F8E
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810F95
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00810FA1
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00810FA8
                                                                                                                                                                                                                                                                            • Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
                                                                                                                                                                                                                                                                            • Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
                                                                                                                                                                                                                                                                            • Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083C4BD
                                                                                                                                                                                                                                                                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,0084CC08,00000000,?,00000000,?,?), ref: 0083C544
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0083C5A4
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083C5F4
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083C66F
                                                                                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0083C6B2
                                                                                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0083C7C1
                                                                                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0083C84D
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0083C881
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0083C88E
                                                                                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0083C960
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                          • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 008409C6
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00840A01
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00840A54
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00840A8A
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00840B06
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00840B81
                                                                                                                                                                                                                                                                            • Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD
                                                                                                                                                                                                                                                                            • Part of subcall function 00812BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00812BFA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                          • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                          • Opcode ID: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
                                                                                                                                                                                                                                                                          • Instruction ID: 55e4d8eb6a3f4d9bfca4a3d644c7bafdb43ed57f86d5de9b5f2341458b66eb6f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10E17831608305DFC714DF24C491A6AB7E2FF98318B14895DF99A9B3A2D734ED49CB82
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                          • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                          • Opcode ID: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
                                                                                                                                                                                                                                                                          • Instruction ID: 9ca86d202b339990f141ed305aa969b5fbfacdef98adffa7c22e863867014045
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7271D37260012A8BCB20DE7CCD516BA73A5FBE0764F254529F866F7284EA35DD45C3E0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0084835A
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0084836E
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00848391
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008483B4
                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008483F2
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00845BF2), ref: 0084844E
                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848487
                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008484CA
                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848501
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0084850D
                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0084851D
                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(?,?,?,?,?,00845BF2), ref: 0084852C
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00848549
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00848555
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                          • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                          • Opcode ID: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
                                                                                                                                                                                                                                                                          • Instruction ID: 0755e91b7ab20ab911b55309e3dc2967c8d10a9aec67aeb3ad187cb982899be9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B961AF71900219FBEB14DF64CC85BBE77ACFB04B11F10454AF915E61D1DB74AA90CBA0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                          • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                          • Opcode ID: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
                                                                                                                                                                                                                                                                          • Instruction ID: e9ae8844307ff727b0ea56be9e59a88c66f851b101d7ba9b43d039a3d3b105c7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB81C371A04609FBDB24AF60CC46FFE37A9FF55300F044025FA15AA296EB7CD911D6A1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 00823EF8
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00823F03
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00823F5A
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00823F98
                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 00823FD6
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0082401E
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824059
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824087
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                          • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                          • Opcode ID: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
                                                                                                                                                                                                                                                                          • Instruction ID: e5fc2d533d9e1a16cf615f241f11eb5dadedea36d0b3f5ddcfd437aafe71a33b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 267101326046119FC310EF24D8909AAB7F4FF94758F10892DF9A5D7251EB38ED89CB51
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 00815A2E
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00815A40
                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00815A57
                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00815A6C
                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00815A72
                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00815A82
                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00815A88
                                                                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00815AA9
                                                                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00815AC3
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00815ACC
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00815B33
                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00815B6F
                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00815B75
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00815B7C
                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00815BD3
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00815BE0
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 00815C05
                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00815C2F
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 895679908-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
                                                                                                                                                                                                                                                                          • Instruction ID: 18d71799e6ad14f13930a64823c0960bdc378615cc513ea4a99d52609d6a2055
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2716F31900B09EFDB20DFA9CE85AAEBBF9FF88714F104519E542E25A0D775E984CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 0082FE27
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 0082FE32
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0082FE3D
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 0082FE48
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 0082FE53
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 0082FE5E
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 0082FE69
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 0082FE74
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 0082FE7F
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 0082FE8A
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 0082FE95
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 0082FEA0
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 0082FEAB
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 0082FEB6
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 0082FEC1
                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 0082FECC
                                                                                                                                                                                                                                                                          • GetCursorInfo.USER32(?), ref: 0082FEDC
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0082FF1E
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007D00C6
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0088070C,00000FA0,A32F7F25,?,?,?,?,007F23B3,000000FF), ref: 007D011C
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0127
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0138
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007D014E
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007D015C
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007D016A
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D0195
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D01A0
                                                                                                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 007D00E7
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • InitializeConditionVariable, xrefs: 007D0148
                                                                                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 007D0154
                                                                                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 007D0162
                                                                                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 007D0122
                                                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 007D0133
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                          • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CharLowerBuffW.USER32(00000000,00000000,0084CC08), ref: 00824527
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0082453B
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00824599
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008245F4
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0082463F
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008246A7
                                                                                                                                                                                                                                                                            • Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD
                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,00876BF0,00000061), ref: 00824743
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                          • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,0084CC08), ref: 008340BB
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 008340CD
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0084CC08), ref: 008340F2
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,0084CC08), ref: 0083413E
                                                                                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028,?,0084CC08), ref: 008341A8
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000009), ref: 00834262
                                                                                                                                                                                                                                                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008342C8
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 008342F2
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                          • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                          • Opcode ID: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
                                                                                                                                                                                                                                                                          • Instruction ID: 2e4ae6a385866f397824fe749e10ef71288891ceeec14c517b0fd55e8b81d250
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99122D75A00119EFDB14CF94C884EAEBBB9FF85318F248098E905EB251D731ED46CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00881990), ref: 007F2F8D
                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00881990), ref: 007F303D
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 007F3081
                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 007F308A
                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(00881990,00000000,?,00000000,00000000,00000000), ref: 007F309D
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007F30A9
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: a1d8b536b3ab54fa66dde813e5c94c6697b7b97fd18966722f5b4b625007b585
                                                                                                                                                                                                                                                                          • Instruction ID: ce8344698765f5ab8dfbc8e13e75fc09c1031beeb5a925525f7bfb7b9b137017
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1d8b536b3ab54fa66dde813e5c94c6697b7b97fd18966722f5b4b625007b585
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5712D70644209BEEB218F64CC49FEABF69FF05324F204216F615A62D1C7B9AD50DB51
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,?), ref: 00846DEB
                                                                                                                                                                                                                                                                            • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00846E5F
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00846E81
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846E94
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00846EB5
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007B0000,00000000), ref: 00846EE4
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846EFD
                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00846F16
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00846F1D
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00846F35
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00846F4D
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                          • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                          • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                          • Opcode ID: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
                                                                                                                                                                                                                                                                          • Instruction ID: 59fbb75dd60c66bc5a3a352b1f24904d8d8c8462b208c094b4b13a2d77133f45
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A714674104348AFDB61CF18DC48BAABBE9FB8A304F54441DF999C7261DB74A91ACB12
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                          • DragQueryPoint.SHELL32(?,?), ref: 00849147
                                                                                                                                                                                                                                                                            • Part of subcall function 00847674: ClientToScreen.USER32(?,?), ref: 0084769A
                                                                                                                                                                                                                                                                            • Part of subcall function 00847674: GetWindowRect.USER32(?,?), ref: 00847710
                                                                                                                                                                                                                                                                            • Part of subcall function 00847674: PtInRect.USER32(?,?,00848B89), ref: 00847720
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 008491B0
                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008491BB
                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008491DE
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00849225
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 0084923E
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00849255
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00849277
                                                                                                                                                                                                                                                                          • DragFinish.SHELL32(?), ref: 0084927E
                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00849371
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                          • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C4B0
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C4C3
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C4D7
                                                                                                                                                                                                                                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0082C4F0
                                                                                                                                                                                                                                                                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0082C533
                                                                                                                                                                                                                                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0082C549
                                                                                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C554
                                                                                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C584
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C5DC
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C5F0
                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0082C5FB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00848592
                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008485A2
                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008485AD
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008485BA
                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 008485C8
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008485D7
                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 008485E0
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008485E7
                                                                                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008485F8
                                                                                                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0084FC38,?), ref: 00848611
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00848621
                                                                                                                                                                                                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00848641
                                                                                                                                                                                                                                                                          • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00848671
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00848699
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008486AF
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 00821502
                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 0082150B
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00821517
                                                                                                                                                                                                                                                                          • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008215FB
                                                                                                                                                                                                                                                                          • VarR8FromDec.OLEAUT32(?,?), ref: 00821657
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00821708
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 0082178C
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 008217D8
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 008217E7
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 00821823
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                          • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                          • Opcode ID: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
                                                                                                                                                                                                                                                                          • Instruction ID: 15a55445df01e1e8f38bac0e7d42cfb47e89e0e35077e7c34c292fe008193826
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CD1CF71A00229EBDF109F65E98DBB9B7B5FF55704F24809AE406EB180DB34EC81DB61
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083B6F4
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083B772
                                                                                                                                                                                                                                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 0083B80A
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0083B87E
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0083B89C
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0083B8F2
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083B904
                                                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0083B922
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0083B983
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0083B994
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                          • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                          • Opcode ID: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
                                                                                                                                                                                                                                                                          • Instruction ID: 30513ba37bd3a0391948f638cf2344f51ef3e724e4cb0e6172822ab24584d91f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03C17A75208201EFD710DF14C499B6ABBE5FF84318F18849CF69A8B2A2DB35ED45CB91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 008325D8
                                                                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008325E8
                                                                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 008325F4
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00832601
                                                                                                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0083266D
                                                                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008326AC
                                                                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008326D0
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 008326D8
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 008326E1
                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 008326E8
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,?), ref: 008326F3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                          • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                          • Opcode ID: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
                                                                                                                                                                                                                                                                          • Instruction ID: e8186a6d8b64aa710d723f887d49b43914c7514245dced594197877913144902
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB61E275D01219EFCF14CFA8D885AAEBBBAFF48310F208529E955E7250E770A951CF90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 007EDAA1
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED659
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED66B
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED67D
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED68F
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6A1
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6B3
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6C5
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6D7
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6E9
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6FB
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED70D
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED71F
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED731
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDA96
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDAB8
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDACD
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDAD8
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDAFA
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDB0D
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDB1B
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDB26
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDB5E
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDB65
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDB82
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007EDB9A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                                                                                                          • Opcode ID: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
                                                                                                                                                                                                                                                                          • Instruction ID: cadab9b782c309b43f8f849fc2163c742b30370a4ad6403aaf63d0bd409cb1ad
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62315F71506288DFDB31AA76D84AB5677E8FF08310F115429E458E71A2EA3DFD418B20
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 0081369C
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008136A7
                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00813797
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 0081380C
                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 0081385D
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00813882
                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 008138A0
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(00000000), ref: 008138A7
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00813921
                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 0081395D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                          • String ID: %s%u
                                                                                                                                                                                                                                                                          • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                          • Opcode ID: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
                                                                                                                                                                                                                                                                          • Instruction ID: b8174ff7018e758bc9656e04ec2446cebe36a206382cb83e366266fa773738bf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C291AF71204606AFD719DF24C885FEAFBACFF45350F008629F999D2190DB34EA95CBA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00814994
                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 008149DA
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008149EB
                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,00000000), ref: 008149F7
                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 00814A2C
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00814A64
                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00814A9D
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00814AE6
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00814B20
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00814B8B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                          • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                          • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                          • Opcode ID: 4c35fe6e6f5a247bdd25830eca6ca770d27be02f05abf4b5ef2031bc679643ed
                                                                                                                                                                                                                                                                          • Instruction ID: d39455dc301cfbb0c8bd6abfc5b9519509f65586d4c80559f349caab81242975
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c35fe6e6f5a247bdd25830eca6ca770d27be02f05abf4b5ef2031bc679643ed
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4919C710082059BDB04CF54C985BEA7BECFF84354F04946AFD8ADA196EB34ED85CBA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00848D5A
                                                                                                                                                                                                                                                                          • GetFocus.USER32 ref: 00848D6A
                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(00000000), ref: 00848D75
                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00848E1D
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00848ECF
                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 00848EEC
                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 00848EFC
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00848F2E
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00848F70
                                                                                                                                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00848FA1
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: e597b59dcbf9074b12c0573b806d63201491b01d03334b2077b659856cc77408
                                                                                                                                                                                                                                                                          • Instruction ID: 5bad8e09058de36a4293973079b428c4bb4f82458316c40a8778dadf65e45d74
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e597b59dcbf9074b12c0573b806d63201491b01d03334b2077b659856cc77408
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6817A71508309EBDB10CF28D888AAFBBE9FB89754F14091DF995D7291DB30D905CBA2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(00881990,000000FF,00000000,00000030), ref: 0081BFAC
                                                                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(00881990,00000004,00000000,00000030), ref: 0081BFE1
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000001F4), ref: 0081BFF3
                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 0081C039
                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 0081C056
                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,-00000001), ref: 0081C082
                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0081C0C9
                                                                                                                                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0081C10F
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C124
                                                                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C145
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: 262cde61f2206fdcb93278877392d95e5379a2b20d64e962c00b82d99f00ca33
                                                                                                                                                                                                                                                                          • Instruction ID: 367f7f1afec4795ccb081c6da047aa1aa522907223a79dbc9b0dd2b170bc19de
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 262cde61f2206fdcb93278877392d95e5379a2b20d64e962c00b82d99f00ca33
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51615AB498024AABDF11CF68DC88AEEBBADFF06344F104155E811E3291CB35AD85CB61
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0081DC20
                                                                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0081DC46
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0081DC50
                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 0081DCA0
                                                                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0081DCBC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                          • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                          • Opcode ID: 5a86854a328fb81c0957116fd0ff60a75eb956f6605d8a87ceef41103dab4dcf
                                                                                                                                                                                                                                                                          • Instruction ID: b6763382772271541a1fe13c1474bb7c79e652c8e0e54095df0bb97da0c11f90
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a86854a328fb81c0957116fd0ff60a75eb956f6605d8a87ceef41103dab4dcf
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B541F372A40305BBDB10A765AC4BFFF377CFF52710F10406AF900E6282EA78A90196A5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CC64
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0083CC8D
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD48
                                                                                                                                                                                                                                                                            • Part of subcall function 0083CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0083CCAA
                                                                                                                                                                                                                                                                            • Part of subcall function 0083CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0083CCBD
                                                                                                                                                                                                                                                                            • Part of subcall function 0083CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083CCCF
                                                                                                                                                                                                                                                                            • Part of subcall function 0083CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD05
                                                                                                                                                                                                                                                                            • Part of subcall function 0083CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CD28
                                                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0083CCF3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                          • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                          • Opcode ID: 236d771883ecb8f5718df8a4d68d6aeb2cc41e63fef33f405f5dd9dfdb5d0d5c
                                                                                                                                                                                                                                                                          • Instruction ID: 22b0f1c9fc82eb60db71aec6aa43807974f58b74acdc6b38951f65299314fbbe
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 236d771883ecb8f5718df8a4d68d6aeb2cc41e63fef33f405f5dd9dfdb5d0d5c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9316C75902129BBDB609B65DC88EFFBB7CFF86754F000165B906E2240DA349A45DBE0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00823D40
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00823D6D
                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 00823D9D
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00823DBE
                                                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?), ref: 00823DCE
                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00823E55
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00823E60
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00823E6B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                          • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                          • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                          • Opcode ID: 5f0a3dcb3bbc06d1f1b19e66dc39d7fcc556453781af9770c3d5d753772d8af2
                                                                                                                                                                                                                                                                          • Instruction ID: d7ec37b13efa586e67184ed12d2c18261143e34b1aa1e80b6813f2a05535bd97
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f0a3dcb3bbc06d1f1b19e66dc39d7fcc556453781af9770c3d5d753772d8af2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F31A176A00219ABDB209FA0DC49FEB37BCFF89700F1041A6F509D6160E7789784CB24
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0081E6B4
                                                                                                                                                                                                                                                                            • Part of subcall function 007CE551: timeGetTime.WINMM(?,?,0081E6D4), ref: 007CE555
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0081E6E1
                                                                                                                                                                                                                                                                          • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0081E705
                                                                                                                                                                                                                                                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0081E727
                                                                                                                                                                                                                                                                          • SetActiveWindow.USER32 ref: 0081E746
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0081E754
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0081E773
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000000FA), ref: 0081E77E
                                                                                                                                                                                                                                                                          • IsWindow.USER32 ref: 0081E78A
                                                                                                                                                                                                                                                                          • EndDialog.USER32(00000000), ref: 0081E79B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                                                                                                                                          • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                          • Opcode ID: 22c13e52455321b8ca7607fcb0225ed33e9f6ebc23cc8a47bcbf6cc2d1258a7e
                                                                                                                                                                                                                                                                          • Instruction ID: 3ea98f274d18cb4169a702da365f9b00772bda9d6865b8e2c172d0039125f18f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22c13e52455321b8ca7607fcb0225ed33e9f6ebc23cc8a47bcbf6cc2d1258a7e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96218174201204AFFB50DF68EC89E653BADFF76748F144424F915C22A1EB75AC80CB25
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0081EA5D
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0081EA73
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081EA84
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0081EA96
                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0081EAA7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                          • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                          • Opcode ID: e6bf2cb8509cf0db647adb5d170499a85c357bb953b725aa0141290a9e7839cb
                                                                                                                                                                                                                                                                          • Instruction ID: 466c79ea8bfe02a29b2e9699877d591223304839b2db0a0920f8bc2a81929720
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6bf2cb8509cf0db647adb5d170499a85c357bb953b725aa0141290a9e7839cb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1511BF20A50229B9D720A3A1DC4AEFB6F7CFFD1B40F000429B925E20D5EA744984C5B0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0081A012
                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0081A07D
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 0081A09D
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 0081A0B4
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 0081A0E3
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 0081A0F4
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 0081A120
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 0081A12E
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 0081A157
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 0081A165
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 0081A18E
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 0081A19C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                                                                                          • Opcode ID: 497a251811f0993f0798f257375429fc50bc91dec2e6000eb5f95f13b0f4b153
                                                                                                                                                                                                                                                                          • Instruction ID: 7bb4f49127d558ea732d146b7d421f176b9fce52cb93254030d5f38b1a29d488
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 497a251811f0993f0798f257375429fc50bc91dec2e6000eb5f95f13b0f4b153
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E51B96490578469FB39DB64C4117EABFBCEF12340F084599D5C2D61C2DA649ACCC763
APIs
• GetDlgItem.USER32(?,00000001), ref: 00815CE2
• GetWindowRect.USER32(00000000,?), ref: 00815CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00815D59
• GetDlgItem.USER32(?,00000002), ref: 00815D69
• GetWindowRect.USER32(00000000,?), ref: 00815D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00815DCF
• GetDlgItem.USER32(?,000003E9), ref: 00815DDD
• GetWindowRect.USER32(00000000,?), ref: 00815DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00815E31
• GetDlgItem.USER32(?,000003EA), ref: 00815E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00815E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00815E67
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: df0719639641416704eabca035255ab84f0f749b18f3771593a4b201515f0403
• Instruction ID: 0eb812a29dc43a0ca2b843a20ade7daea5dcc3de54e3bfe8f0eacaf70f353b37
• Opcode Fuzzy Hash: df0719639641416704eabca035255ab84f0f749b18f3771593a4b201515f0403
• Instruction Fuzzy Hash: BE510E75B01609AFDF18CF68DD89AAEBBB9FF89300F148129F915E6290D7709E40CB50
APIs
  • Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5
• DestroyWindow.USER32(?), ref: 007C8C81
• KillTimer.USER32(00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00806973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000), ref: 008069D4
• DeleteObject.GDI32(00000000), ref: 008069E6
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
• Instruction ID: bcb263434e6f0378092e68be610bd50ffb88919ec2be2df314bcc872dc5a5daf
• Opcode Fuzzy Hash: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
• Instruction Fuzzy Hash: 3561BD31102A10DFCBB59F18DD48B25BBF5FB41312F14456CE0429BAA0CB39ACA1DFA6
APIs
  • Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952
• GetSysColor.USER32(0000000F), ref: 007C9862
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
• Instruction ID: 5b267e0ef934107272f051fbd7921e2ba9c0aa5ba0533bccb465315cd8ecbcb9
• Opcode Fuzzy Hash: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
• Instruction Fuzzy Hash: 79417D35505640AFDBA05F389C88FB93BA9FB47330F14465DFAA2871E2D735A942DB10
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID:
• String ID: .}
• API String ID: 0-2266125135
• Opcode ID: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
• Instruction ID: 2be937ed8ee9abca35004e715190fcad8cb3275e3a1b5ce37c4b2fe708a5de9b
• Opcode Fuzzy Hash: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
• Instruction Fuzzy Hash: 2AC13675905289EFCF51DFAAC844BADBBB0BF0D310F044199E619AB392C7389941CF61
APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00819717
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819720
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00819742
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819745
                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00819866
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                          • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                          • Opcode ID: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
                                                                                                                                                                                                                                                                          • Instruction ID: 3da26277cd922559b3b0e6bc49e58a195898d5cb668853ce9604f15d9db22a2e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF411371800219AACB04EBE4DD9AEEEB77CFF55340F504465F605B2192EB396F88CB61
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                                                                                                                                                                                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008107A2
                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008107BE
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008107DA
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00810804
                                                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0081082C
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00810837
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0081083C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                          • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                          • Opcode ID: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
                                                                                                                                                                                                                                                                          • Instruction ID: c41c86ff60da3f0400585c3dd958b69d18e7d4d9c590baab1d0996459de86142
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B413872C00229EBDF11EBA4DC89DEEB778FF04340B144129E915A31A1EB74AE84CF90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0084403B
                                                                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 00844042
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00844055
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0084405D
                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 00844068
                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 00844072
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 0084407C
                                                                                                                                                                                                                                                                          • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00844092
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0084409E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                          • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                          • Opcode ID: f43762fff08b41bb2b9b57e8f9cd59e48343ad725734019cddc951b628d8b9b9
                                                                                                                                                                                                                                                                          • Instruction ID: 4b38fab7eda6b3b3ef4c4f8c1fe1da5bb9d282187d89e48847d2a202fdd98c2e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f43762fff08b41bb2b9b57e8f9cd59e48343ad725734019cddc951b628d8b9b9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43315A36502219ABDF619FA8DC09FDA3B6CFF0E324F110215FA59E61A0D775D820DB54
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00833C5C
                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00833C8A
                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00833C94
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00833D2D
                                                                                                                                                                                                                                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 00833DB1
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 00833ED5
                                                                                                                                                                                                                                                                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00833F0E
                                                                                                                                                                                                                                                                          • CoGetObject.OLE32(?,00000000,0084FB98,?), ref: 00833F2D
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 00833F40
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00833FC4
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00833FD8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00827AF3
                                                                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00827B8F
                                                                                                                                                                                                                                                                          • SHGetDesktopFolder.SHELL32(?), ref: 00827BA3
                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0084FD08,00000000,00000001,00876E6C,?), ref: 00827BEF
                                                                                                                                                                                                                                                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00827C74
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,?), ref: 00827CCC
                                                                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00827D57
                                                                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00827D7A
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00827D81
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00827DD6
                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00827DDC
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00845504
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00845515
                                                                                                                                                                                                                                                                          • CharNextW.USER32(00000158), ref: 00845544
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00845585
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0084559B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008455AC
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0080FAAF
                                                                                                                                                                                                                                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 0080FB08
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0080FB1A
                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 0080FB3A
                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 0080FB8D
                                                                                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 0080FBA1
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0080FBB6
                                                                                                                                                                                                                                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 0080FBC3
                                                                                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBCC
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0080FBDE
                                                                                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBE9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00819CA1
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00819D22
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 00819D3D
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00819D57
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 00819D6C
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00819D84
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00819D96
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 00819DAE
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 00819DC0
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00819DD8
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 00819DEA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WSAStartup.WSOCK32(00000101,?), ref: 008305BC
                                                                                                                                                                                                                                                                          • inet_addr.WSOCK32(?), ref: 0083061C
                                                                                                                                                                                                                                                                          • gethostbyname.WSOCK32(?), ref: 00830628
                                                                                                                                                                                                                                                                          • IcmpCreateFile.IPHLPAPI ref: 00830636
                                                                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008306C6
                                                                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008306E5
                                                                                                                                                                                                                                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 008307B9
                                                                                                                                                                                                                                                                          • WSACleanup.WSOCK32 ref: 008307BF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                          • String ID: Ping
                                                                                                                                                                                                                                                                          • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                          • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CoInitialize.OLE32 ref: 00833774
                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 0083377F
                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,0084FB78,?), ref: 008337D9
                                                                                                                                                                                                                                                                          • IIDFromString.OLE32(?,?), ref: 0083384C
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 008338E4
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00833936
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                          • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008233CF
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008233F0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                          • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                          • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 008253A0
                                                                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00825416
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00825420
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 008254A7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                          • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateMenu.USER32 ref: 00843C79
                                                                                                                                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 00843C88
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843D10
                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00843D24
                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 00843D2E
                                                                                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843D5B
                                                                                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 00843D63
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                          • String ID: 0$F
                                                                                                                                                                                                                                                                          • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00811F64
                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32 ref: 00811F6F
                                                                                                                                                                                                                                                                          • GetParent.USER32 ref: 00811F8B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00811F8E
                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 00811F97
                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00811FAB
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00811FAE
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                          • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                          • Opcode ID: baf27075a124c8aeae314851a3b7f90137e49caa0000450ad59482434fb60a6d
                                                                                                                                                                                                                                                                          • Instruction ID: 4d3bc2548a1a7201342eff14d7863019603d101ce725feafc6decb823a6afb35
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baf27075a124c8aeae314851a3b7f90137e49caa0000450ad59482434fb60a6d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F321B374A00118BBCF44AFA0CC89AEEBBB8FF16314F104119BA65A7291DB785949DB60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00812043
                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32 ref: 0081204E
                                                                                                                                                                                                                                                                          • GetParent.USER32 ref: 0081206A
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0081206D
                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 00812076
                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0081208A
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0081208D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                          • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                          • Opcode ID: f1fd6916b25bbd3dfc6e1c15c44d4a978097a7e7ba87c753da7ef50d33173ae3
                                                                                                                                                                                                                                                                          • Instruction ID: 5d8af3269f41b278c269c2139d875599891a2ce7111731a0f9cbd4470951da0b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1fd6916b25bbd3dfc6e1c15c44d4a978097a7e7ba87c753da7ef50d33173ae3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9121D7B5900218BBCF14AFA0CC89EFEBBBCFF19344F104005BA65A7191D7794554DB60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00843A9D
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00843AA0
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00843AC7
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00843AEA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00843B62
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00843BAC
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00843BC7
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00843BE2
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00843BF6
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00843C13
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 312131281-0
                                                                                                                                                                                                                                                                          • Opcode ID: b36c6fa13d8c906a34c9adcb2f31529d9fdf4a57c04368defd06e6e247e5a32e
                                                                                                                                                                                                                                                                          • Instruction ID: 06b1834d92bbfcd46ba937aa7ff566edff02a09fb7628493f902ccb89660bb0e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b36c6fa13d8c906a34c9adcb2f31529d9fdf4a57c04368defd06e6e247e5a32e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB617775A00208AFDB11DFA8CC85EEEB7B8FB09714F104199FA15E72A1C774AA46DF50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0081B151
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B165
                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 0081B16C
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B17B
                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 0081B18D
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1A6
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1B8
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1FD
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B212
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B21D
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2C94
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CA0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CAB
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CB6
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CC1
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CCC
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CD7
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CE2
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CED
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2CFB
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00827FAD
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00827FC1
                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 00827FEB
                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00828005
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00828017
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00828060
                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008280B0
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                          • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EB), ref: 007B5C7A
                                                                                                                                                                                                                                                                            • Part of subcall function 007B5D0A: GetClientRect.USER32(?,?), ref: 007B5D30
                                                                                                                                                                                                                                                                            • Part of subcall function 007B5D0A: GetWindowRect.USER32(?,?), ref: 007B5D71
                                                                                                                                                                                                                                                                            • Part of subcall function 007B5D0A: ScreenToClient.USER32(?,?), ref: 007B5D99
                                                                                                                                                                                                                                                                          • GetDC.USER32 ref: 007F46F5
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007F4708
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 007F4716
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 007F472B
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 007F4733
                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007F47C4
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                                                          • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008235E4
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00882390,?,00000FFF,?), ref: 0082360A
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: GetCursorPos.USER32(?), ref: 007C9141
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: ScreenToClient.USER32(00000000,?), ref: 007C915E
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000001), ref: 007C9183
                                                                                                                                                                                                                                                                            • Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000002), ref: 007C919D
                                                                                                                                                                                                                                                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00848B6B
                                                                                                                                                                                                                                                                          • ImageList_EndDrag.COMCTL32 ref: 00848B71
                                                                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 00848B77
                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00848C12
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00848C25
                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00848CFF
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
                                                                                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C29A
                                                                                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C2CA
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0082C322
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 0082C336
                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0082C341
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007F3AAF,?,?,Bad directive syntax error,0084CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008198BC
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,007F3AAF,?), ref: 008198C3
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00819987
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                          • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                          • Opcode ID: fd1863f1c27539792cbbf70b8af028657b1bb30e9cc320a01425770b1479bf00
                                                                                                                                                                                                                                                                          • Instruction ID: e1bbf06c5e3e51803466a8de2ed01a127228210785854a541e8f189fb746ae31
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd1863f1c27539792cbbf70b8af028657b1bb30e9cc320a01425770b1479bf00
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B21713180021DFBCF15AF90CC1AEEE7B79FF14304F044459F629A61A2EB3996A8CB10
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetParent.USER32 ref: 008120AB
                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000000,?,00000100), ref: 008120C0
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0081214D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                          • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                          • Opcode ID: 6892a3a97441899cfb81af8dcdf1fe6a99f3574a5f61602b55ff6310859656e3
                                                                                                                                                                                                                                                                          • Instruction ID: cab16a55a736dad167132639c66e664090987a771a4beaa6e93f9de000dcc777
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6892a3a97441899cfb81af8dcdf1fe6a99f3574a5f61602b55ff6310859656e3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7113A7A684706FAF705A220DC0ACFA33ACFF15324B20801AFB08F41D1FBA9B8915614
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8321e2c0fa5952564485060166c2f5765e33a2a55eacae668c18c89f0fd95f37
                                                                                                                                                                                                                                                                          • Instruction ID: fe8dd19ac04ea27b3e7256d47128b552c4b5116a2b9408b64761d3a90be52154
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8321e2c0fa5952564485060166c2f5765e33a2a55eacae668c18c89f0fd95f37
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4614C77906384EFDB32AFBA984966D7BA9AF0D310F04456DF940A7243D63D9D028B50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00845186
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 008451C7
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005,?,00000000), ref: 008451CD
                                                                                                                                                                                                                                                                          • SetFocus.USER32(?,?,00000005,?,00000000), ref: 008451D1
                                                                                                                                                                                                                                                                            • Part of subcall function 00846FBA: DeleteObject.GDI32(00000000), ref: 00846FE6
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 0084520D
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0084521A
                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0084524D
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00845287
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00845296
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8f0a84837acae2106faca4cfe8207961aef71eed7c610e1a167031ebecd97dc6
                                                                                                                                                                                                                                                                          • Instruction ID: 75e6c107adff9cb8b1013354cbe0fab6900dfba01e3ccc17adeb4e9faf1527d8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f0a84837acae2106faca4cfe8207961aef71eed7c610e1a167031ebecd97dc6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A519C30A41A1CFFEF609F28CC4AB9D7B65FB05325F148016FA25D62E2C7B5A980DB41
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00806890
                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008068A9
                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008068B9
                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008068D1
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008068F2
                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 00806901
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0080691E
                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 0080692D
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C182
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0082C195
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 0082C1A9
                                                                                                                                                                                                                                                                            • Part of subcall function 0082C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
                                                                                                                                                                                                                                                                            • Part of subcall function 0082C253: GetLastError.KERNEL32 ref: 0082C322
                                                                                                                                                                                                                                                                            • Part of subcall function 0082C253: SetEvent.KERNEL32(?), ref: 0082C336
                                                                                                                                                                                                                                                                            • Part of subcall function 0082C253: InternetCloseHandle.WININET(00000000), ref: 0082C341
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 337547030-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 008125BD
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008125DB
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008125DF
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 008125E9
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00812601
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00812605
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0081260F
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00812623
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00812627
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00811449,?,?,00000000), ref: 0081180C
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811813
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811828
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,00811449,?,?,00000000), ref: 00811830
                                                                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811833
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811843
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00811449,00000000,?,00811449,?,?,00000000), ref: 0081184B
                                                                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 0081184E
                                                                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,00811874,00000000,00000000,00000000), ref: 00811868
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                          • String ID: }}}$}}}$}}}
                                                                                                                                                                                                                                                                          • API String ID: 1036877536-3712723652
                                                                                                                                                                                                                                                                          • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                          • Instruction ID: 2ef9044cc96cb930592fc49d528f646039efd0b3cf06b1c9450ee25cef0daeb1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54A13672E023CA9FDB25CE1AC8957AEBBF4EF69350F1441ADE5859B282C23C9941C750
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0081D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
                                                                                                                                                                                                                                                                            • Part of subcall function 0081D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
                                                                                                                                                                                                                                                                            • Part of subcall function 0081D4DC: CloseHandle.KERNELBASE(00000000), ref: 0081D5DC
                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A16D
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0083A180
                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A1B3
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 0083A268
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 0083A273
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0083A2C4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                          • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                          • Opcode ID: a88f93238cd0c984cff6eeb4d7c2add1d401e09bab9853f6241ff7b1cc215371
                                                                                                                                                                                                                                                                          • Instruction ID: 4d846aa3c4f8722dd4e7e7ae55cdf7a52d50d44e2fa4fc403450ff3e8d7537ae
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a88f93238cd0c984cff6eeb4d7c2add1d401e09bab9853f6241ff7b1cc215371
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA617C352042419FD724DF18C498F6ABBE5FF94318F18848CE4A68B7A2C776EC45CB92
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00843925
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0084393A
                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00843954
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00843999
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 008439C6
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 008439F4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                          • String ID: SysListView32
                                                                                                                                                                                                                                                                          • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                          • Opcode ID: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
                                                                                                                                                                                                                                                                          • Instruction ID: c4156df9ba1ecace648a7964666f7849b244d3472a945f105902a763cd32c8c1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB419071A0021DABEF219F64CC49FEA7BA9FF18354F10052AF958E7281D7759A84CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081BCFD
                                                                                                                                                                                                                                                                          • IsMenu.USER32(00000000), ref: 0081BD1D
                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 0081BD53
                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(01535380), ref: 0081BDA4
                                                                                                                                                                                                                                                                          • InsertMenuItemW.USER32(01535380,?,00000001,00000030), ref: 0081BDCC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                          • String ID: 0$2
                                                                                                                                                                                                                                                                          • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                          • Opcode ID: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
                                                                                                                                                                                                                                                                          • Instruction ID: 8c04d156cbcd072e3a0200ddd7f069fc3ae875498a4e437ceabaad1bdcd5e795
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B519D70A002099BDB18CFA8E884BEEBBFCFF59354F144159E411D7291D7709981CB62
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 007D2D4B
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 007D2D53
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 007D2DE1
                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 007D2E0C
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 007D2E61
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: &H}$csm
                                                                                                                                                                                                                                                                          • API String ID: 1170836740-1162412510
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 0081C913
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
APIs
  • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
• GetSystemMetrics.USER32(0000000F), ref: 00849FC7
• GetSystemMetrics.USER32(0000000F), ref: 00849FE7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0084A224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0084A242
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0084A263
• ShowWindow.USER32(00000003,00000000), ref: 0084A282
• InvalidateRect.USER32(?,00000000,00000001), ref: 0084A2A7
• DefDlgProcW.USER32(?,00000005,?,?), ref: 0084A2CA
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
• String ID:
• API String ID: 1211466189-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 007CF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F454
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
APIs
• DeleteObject.GDI32(00000000), ref: 00842D1B
• GetDC.USER32(00000000), ref: 00842D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00842D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00842D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00842D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00842D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00845A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00842DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00842DE1
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
APIs
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
APIs
• GetCPInfo.KERNEL32(?,?), ref: 007F15CE
• MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F1651
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F16E4
• MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F16FB
  • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F1777
• __freea.LIBCMT ref: 007F17A2
• __freea.LIBCMT ref: 007F17AE
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                          • Opcode ID: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
                                                                                                                                                                                                                                                                          • Instruction ID: f960eb553dcd8e8399dd4a0c7bd2b636a07a0008b8c6d75e4a4fc859b04bd888
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B91D272E0020EDADB209E75C885AFE7BB5AF49310F980659EA05E7341DB3DCC40CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                          • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                          • Opcode ID: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
                                                                                                                                                                                                                                                                          • Instruction ID: b69d16cf29bdf4d5597274a6f0b3bd00897730b82014934abe181b4b8a4ff24a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C918071A00219ABDF20CFA4C849FAEBBB8FF86714F108559F515EB281D770A945CFA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0082125C
                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00821284
                                                                                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008212A8
                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008212D8
                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0082135F
                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008213C4
                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00821430
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
                                                                                                                                                                                                                                                                          • Instruction ID: 69118c65de981e0fd4ed82761f028aa11aeaf672254865f0d3299f610373332c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F391F875A00229DFDF10DF98E888BBEB7B6FF55314F204029E540E7291D778A981CB95
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                          • Opcode ID: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
                                                                                                                                                                                                                                                                          • Instruction ID: c39692197ff473fc4b91154692a539489bfa86297fe9fe4bd10bf905995b3f3f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90912871D00219EFCB54CFA9CC88AEEBBB8FF49320F148459E515B7291D778AA51CB60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0083396B
                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 00833A7A
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00833A8A
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00833C1F
                                                                                                                                                                                                                                                                            • Part of subcall function 00820CDF: VariantInit.OLEAUT32(00000000), ref: 00820D1F
                                                                                                                                                                                                                                                                            • Part of subcall function 00820CDF: VariantCopy.OLEAUT32(?,?), ref: 00820D28
                                                                                                                                                                                                                                                                            • Part of subcall function 00820CDF: VariantClear.OLEAUT32(?), ref: 00820D34
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0081000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
                                                                                                                                                                                                                                                                            • Part of subcall function 0081000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
                                                                                                                                                                                                                                                                            • Part of subcall function 0081000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
                                                                                                                                                                                                                                                                            • Part of subcall function 0081000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064
                                                                                                                                                                                                                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00834C51
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00834D59
                                                                                                                                                                                                                                                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00834DCF
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00834DDA
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                          • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 00842183
                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00000000), ref: 008421B5
                                                                                                                                                                                                                                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008421DD
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00842213
                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0084224D
                                                                                                                                                                                                                                                                          • GetSubMenu.USER32(?,?), ref: 0084225B
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008422E3
                                                                                                                                                                                                                                                                            • Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsWindow.USER32(01535358), ref: 00847F37
                                                                                                                                                                                                                                                                          • IsWindowEnabled.USER32(01535358), ref: 00847F43
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0084801E
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(01535358,000000B0,?,?), ref: 00848051
                                                                                                                                                                                                                                                                          • IsDlgButtonChecked.USER32(?,?), ref: 00848089
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(01535358,000000EC), ref: 008480AB
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008480C3
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0081AEF9
                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0081AF0E
                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0081AF6F
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 0081AF9D
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 0081AFBC
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 0081AFFD
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0081B020
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetParent.USER32(00000000), ref: 0081AD19
                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0081AD2E
                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0081AD8F
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0081ADBB
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0081ADD8
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0081AE17
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0081AE38
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(007F3CD6,?,?,?,?,?,?,?,?,007E5BA3,?,?,007F3CD6,?,?), ref: 007E5470
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 007E54EB
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 007E5506
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,007F3CD6,00000005,00000000,00000000), ref: 007E552C
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,007F3CD6,00000000,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E554B
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E5584
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0083304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
                                                                                                                                                                                                                                                                            • Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B
                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00831112
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00831121
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 008311C9
                                                                                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 008311F9
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD
                                                                                                                                                                                                                                                                            • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 0081CF45
                                                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0081CF7F
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0081D005
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0081D01B
                                                                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?), ref: 0081D061
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                          • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                          • Opcode ID: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
                                                                                                                                                                                                                                                                          • Instruction ID: b6d8cd6df0018168083554ed81900cc52b34d5308be313d6f0a8a5e3fcfb86c9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55415FB18452199FDF12EFA4D985ADEB7BDFF08380F1000A6E505EB141EE74A689CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00842E1C
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00842E4F
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00842E84
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00842EB6
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00842EE0
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00842EF1
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00842F0B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                          • Opcode ID: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
                                                                                                                                                                                                                                                                          • Instruction ID: db0c86f74fd0b533bcee217cc3ab0a5ff1fa3f74fdfeea95374af0de6c00b9bf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47311234609248AFEB60CF58DC88F653BE8FB9A714F9501A4F915CB2B2CB71AC41DB01
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817769
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081778F
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00817792
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 008177B0
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 008177B9
                                                                                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 008177DE
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 008177EC
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                          • Opcode ID: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
                                                                                                                                                                                                                                                                          • Instruction ID: c09d96912ef472a9659014b43281c070289188b6ff4d46ee32eca98d83a8cad1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD219C7A605219AFDB10AFA8CC88DFA73ACFF09364B048429FA15DB191D6749C81C764
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817842
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817868
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 0081786B
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32 ref: 0081788C
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 00817895
                                                                                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 008178AF
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 008178BD
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                          • Opcode ID: 7681bd24a57248b3c3fa65ffba1721cbbfd214dea498866a5450d465e65844cd
                                                                                                                                                                                                                                                                          • Instruction ID: 15a0a2aa352e7835d3628aaa5ccc35edd1ae092a56bd61a10fab9e2e7b81d063
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7681bd24a57248b3c3fa65ffba1721cbbfd214dea498866a5450d465e65844cd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0213E75609208AF9B10AFA8DC88DEA77BCFF097607108139F915CB2A1D674DC81CB78
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(0000000C), ref: 008204F2
                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0082052E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 008205C6
                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00820601
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
                                                                                                                                                                                                                                                                            • Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
                                                                                                                                                                                                                                                                            • Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00844112
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0084411F
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0084412A
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00844139
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00844145
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                          • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                          • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007ED7A3: _free.LIBCMT ref: 007ED7CC
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED82D
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED838
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED843
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED897
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED8A2
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED8AD
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED8B8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0081DA74
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 0081DA7B
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0081DA91
                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 0081DA98
                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0081DADC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • %s (%d) : ==> %s: %s %s, xrefs: 0081DAB9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                          • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(0152FCE8,0152FCE8), ref: 0082097B
                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0152FCC8,00000000), ref: 0082098D
                                                                                                                                                                                                                                                                          • TerminateThread.KERNEL32(?,000001F6), ref: 0082099B
                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 008209A9
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 008209B8
                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(0152FCE8,000001F6), ref: 008209C8
                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(0152FCC8), ref: 008209CF
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00831DC0
                                                                                                                                                                                                                                                                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00831DE1
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00831DF2
                                                                                                                                                                                                                                                                          • htons.WSOCK32(?,?,?,?,?), ref: 00831EDB
                                                                                                                                                                                                                                                                          • inet_ntoa.WSOCK32(?), ref: 00831E8C
                                                                                                                                                                                                                                                                            • Part of subcall function 008139E8: _strlen.LIBCMT ref: 008139F2
                                                                                                                                                                                                                                                                            • Part of subcall function 00833224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0082EC0C), ref: 00833240
                                                                                                                                                                                                                                                                          • _strlen.LIBCMT ref: 00831F35
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 007B5D30
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 007B5D71
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 007B5D99
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 007B5ED7
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 007B5EF8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 007E00BA
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E00D6
                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 007E00ED
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E010B
                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 007E0122
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E0140
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007D82D9,007D82D9,?,?,?,007E644F,00000001,00000001,8BE85006), ref: 007E6258
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007E644F,00000001,00000001,8BE85006,?,?,?), ref: 007E62DE
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007E63D8
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 007E63E5
                                                                                                                                                                                                                                                                            • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 007E63EE
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 007E6413
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
                                                                                                                                                                                                                                                                            • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BCCA
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BD25
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0083BD6A
                                                                                                                                                                                                                                                                          • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0083BD99
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083BDF3
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0083BDFF
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000035), ref: 0080F7B9
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000001), ref: 0080F860
                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F889
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(0080FA64), ref: 0080F8AD
                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F8B1
                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0080F8BB
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                                                                                                                                                                                                                            • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                                                                                                                                                                                                                          • GetOpenFileNameW.COMDLG32(00000058), ref: 008294E5
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00829506
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0082952D
                                                                                                                                                                                                                                                                          • GetSaveFileNameW.COMDLG32(00000058), ref: 00829585
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                          • String ID: X
                                                                                                                                                                                                                                                                          • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                          • BeginPaint.USER32(?,?,?), ref: 007C9241
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 007C92A5
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 007C92C2
                                                                                                                                                                                                                                                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007C92D3
                                                                                                                                                                                                                                                                          • EndPaint.USER32(?,?,?,?,?), ref: 007C9321
                                                                                                                                                                                                                                                                          • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008071EA
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9339: BeginPath.GDI32(00000000), ref: 007C9357
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 0082080C
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00820847
                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00820863
                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 008208DC
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008208F3
                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 00820921
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0080F3AB,00000000,?,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0084824C
                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 00848272
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 008482D1
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000004), ref: 008482E5
                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 0084830B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0084832F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 642888154-0
                                                                                                                                                                                                                                                                          • Opcode ID: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
                                                                                                                                                                                                                                                                          • Instruction ID: 560e613173ccbea6f468740666c0c89179e7c25fd6238db91fbc56e709dabd04
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB41A534601658EFDF51CF29CC99BE87BE5FB0A714F185269E5188B262CB71AC41CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00814C95
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00814CB2
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00814CEA
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00814D08
                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00814D10
                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 00814D1A
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 72514467-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
                                                                                                                                                                                                                                                                          • Instruction ID: dafa1353e084389a723a73f2631bd3020530227d14f701c609522a2e58ba2d6b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E213876205204BBEB555B39EC09EBB7BACEF45750F10907EF809CA192EA75DC81D2A0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0082587B
                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00825995
                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 008259AE
                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 008259CC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                                                                                          • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                          • Opcode ID: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
                                                                                                                                                                                                                                                                          • Instruction ID: 3aa551f535abcae5cf4e8a6e1f23ddd9778886301623694da6f0f7d8d77352cb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CD15071608611DFC714DF24D488A6ABBE5FF89720F148859F88ADB361DB31EC85CB92
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
                                                                                                                                                                                                                                                                            • Part of subcall function 00810FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
                                                                                                                                                                                                                                                                            • Part of subcall function 00810FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
                                                                                                                                                                                                                                                                            • Part of subcall function 00810FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
                                                                                                                                                                                                                                                                            • Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002
                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000000,00811335), ref: 008117AE
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008117BA
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 008117C1
                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 008117DA
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00811335), ref: 008117EE
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 008117F5
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                          • Opcode ID: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
                                                                                                                                                                                                                                                                          • Instruction ID: 1791a53b9c0f37753701697067b9e25a0c276fe39f103af1701c0a300f2c51dc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB118636602609EBDF109FA4CC49FEE7BADFF42359F104818E581E7294C736A980CB60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008114FF
                                                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00811506
                                                                                                                                                                                                                                                                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00811515
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000004), ref: 00811520
                                                                                                                                                                                                                                                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0081154F
                                                                                                                                                                                                                                                                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 00811563
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                          • Opcode ID: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
                                                                                                                                                                                                                                                                          • Instruction ID: befebe8f913ca5f7072692a5b3c4c8e4d74bc3703ab63a3da87fb2a367805a30
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC11297660220DABDF118F98DD49FDE7BAEFF49744F044015FA05A2160C3758EA0DB61
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,007D3379,007D2FE5), ref: 007D3390
                                                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007D339E
                                                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007D33B7
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,007D3379,007D2FE5), ref: 007D3409
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                          • Opcode ID: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
                                                                                                                                                                                                                                                                          • Instruction ID: 5a2af98d07fef3641b7fd9a02d44239554d3a57a71ada4ed1d44270af326a66c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D012432209711FEAA242BB4BC8D5262AB8FB05379320022FF414963F1EF198D819186
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,007E5686,007F3CD6,?,00000000,?,007E5B6A,?,?,?,?,?,007DE6D1,?,00878A48), ref: 007E2D78
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2DAB
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2DD3
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DE0
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DEC
                                                                                                                                                                                                                                                                          • _abort.LIBCMT ref: 007E2DF2
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                          • Opcode ID: 30691485b4a6b20d126be4be2b8801a9c5ac44aa787ae20c930edb3673c64dcb
                                                                                                                                                                                                                                                                          • Instruction ID: dcd59a9627bac9f6fcdb89895675d94b15d61b2987c9438e7278907d289b71f5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30691485b4a6b20d126be4be2b8801a9c5ac44aa787ae20c930edb3673c64dcb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DF0F935607580B7C25267376C0EA1A265DBBCA7A4F314119F624D32A3EE2C88034160
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2
                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00848A4E
                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,00000003,00000000), ref: 00848A62
                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00848A70
                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,00000000,00000003), ref: 00848A80
                                                                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 00848A90
                                                                                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 00848AA0
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 43455801-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
                                                                                                                                                                                                                                                                          • Instruction ID: 6fc316a5b477960c6d52a3f73b5bf95c4b115089fbf2906a7f119267e4524209
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F411057600111CFFEF129F94DC88EAA7F6CFB09394F048022FA199A1A1C771AD55DBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00815218
                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00815229
                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00815230
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00815238
                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0081524F
                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00815261
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Virtual
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0081EB30
                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0081EB46
                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 0081EB55
                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB64
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB6E
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB75
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 839392675-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 00807452
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00807469
                                                                                                                                                                                                                                                                          • GetWindowDC.USER32(?), ref: 00807475
                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 00807484
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00807496
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 008074B0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 272304278-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0081187F
• UnloadUserProfile.USERENV(?,?), ref: 0081188B
• CloseHandle.KERNEL32(?), ref: 00811894
• CloseHandle.KERNEL32(?), ref: 0081189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008118A5
• HeapFree.KERNEL32(00000000), ref: 008118AC
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
APIs
  • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C6EE
• _wcslen.LIBCMT ref: 0081C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0081C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0083AEA3
  • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
• GetProcessId.KERNEL32(00000000), ref: 0083AF38
• CloseHandle.KERNEL32(00000000), ref: 0083AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00817206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0081723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0081724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008172CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843E35
                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00843E4A
                                                                                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843E92
                                                                                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 00843EA5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: 45180c6f9bd4b2ccfb32527353aac6a5f9f7ddb61013cd8a837b161c1244ee81
                                                                                                                                                                                                                                                                          • Instruction ID: b52c46acbfc5dd71368a9f03236ddabf6cb1de7dcc274b189626b5d1a03da5cf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45180c6f9bd4b2ccfb32527353aac6a5f9f7ddb61013cd8a837b161c1244ee81
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF414575A0220DEFDB10EF64D884AAABBB9FF49354F044129E915EB650D730AE45CF60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00811E66
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00811E79
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00811EA9
                                                                                                                                                                                                                                                                            • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                          • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                          • Opcode ID: a53d673d4eddfad0e43288959870c60e66c2f82700560289a58195870686ea9a
                                                                                                                                                                                                                                                                          • Instruction ID: 6dd28082749322f52527f9083762dc85afc477b2eb9fa2f146637e5ffa25ed64
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a53d673d4eddfad0e43288959870c60e66c2f82700560289a58195870686ea9a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B210771A00108BADF14ABA4DC4DDFFB7BDFF45354B104119FA26E71E1DB3849459620
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00842F8D
                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 00842F94
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00842FA9
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00842FB1
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                          • String ID: SysAnimate32
                                                                                                                                                                                                                                                                          • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                          • Opcode ID: 62840c4a7149199b99da4e1aa952f25cc0ae62149e190b09335d082f571e427d
                                                                                                                                                                                                                                                                          • Instruction ID: d45e6647133c00990e823b7ae1700e6fe0e827252d86e0245c9451369a3b9770
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62840c4a7149199b99da4e1aa952f25cc0ae62149e190b09335d082f571e427d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5821AE7120820DABEB205F64DC84EBB77BDFB69364F904218F950D2190DB71DC559760
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002), ref: 007D4D8D
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007D4DA0
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000), ref: 007D4DC3
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                          • Opcode ID: 8400c6adf447e1ce7be9f633a421b9195ce8996fef8a6b3035f2c9ce3c026de3
                                                                                                                                                                                                                                                                          • Instruction ID: 009cc838ae82663efe9e218ba111b8a39ed9961825e89eb936bcd1728044c400
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8400c6adf447e1ce7be9f633a421b9195ce8996fef8a6b3035f2c9ce3c026de3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6F04F35A41208BBDB519F90DC49BADBFB9FF48756F0000A9F909A2360DB359940CED0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32 ref: 0080D3AD
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0080D3BF
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0080D3E5
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                          • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822C05
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00822C87
                                                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00822C9D
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CAE
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CC0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0083A427
                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0083A435
                                                                                                                                                                                                                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0083A468
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0083A63D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3488606520-0
APIs
  • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD
  • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16
  • Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0081E473
• MoveFileW.KERNEL32(?,?), ref: 0081E4AC
• _wcslen.LIBCMT ref: 0081E5EB
• _wcslen.LIBCMT ref: 0081E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0081E650
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: 51147a078b55d69c0d916ce7ce82d8b678ecd426660258f6de41b1658309781f
• Instruction ID: 26cac6b81c3406e3b3c6c13bf8bc32650a8d8f255ae7dd6e01368d19f0ea68fa
• Opcode Fuzzy Hash: 51147a078b55d69c0d916ce7ce82d8b678ecd426660258f6de41b1658309781f
• Instruction Fuzzy Hash: 765162B24087459BC724DBA4DC859DBB3ECEF85340F00491EFA89D3151EF74A688C76A
APIs
  • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
  • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
  • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
  • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
  • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0083BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0083BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0083BBB3
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 976e26c04b20bc5a12d954d09e38dc3fbec1d8eeaebcadf6e6dbb938daf35e18
• Instruction ID: 915a1bf8fdf480946be1e8e1bf6379da5583708308921a02e4bb1aa5b71d09d6
• Opcode Fuzzy Hash: 976e26c04b20bc5a12d954d09e38dc3fbec1d8eeaebcadf6e6dbb938daf35e18
• Instruction Fuzzy Hash: D161BE71209241EFC314DF24C494E6ABBE9FF84318F14899CF5998B2A2DB31ED45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 00818BCD
• VariantClear.OLEAUT32 ref: 00818C3E
• VariantClear.OLEAUT32 ref: 00818C9D
• VariantClear.OLEAUT32(?), ref: 00818D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00818D3B
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: a192d7347853d5542ce2014cbe6a5da05734a6ca6751ca69ea49e780e344b7ca
• Instruction ID: 0717e7c583a6d0fa4bff7d2146e98a97055155ff2052df60ec8de89695b084e9
• Opcode Fuzzy Hash: a192d7347853d5542ce2014cbe6a5da05734a6ca6751ca69ea49e780e344b7ca
• Instruction Fuzzy Hash: 0A5167B5A00219EFCB10CF68D884AAAB7F8FF89314B158559F909DB350E730E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00828BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00828BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00828C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00828C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00828C5F
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 2b984eb55d4475901035b574e47172ee16e081fb628804f5c909e8120298431a
• Instruction ID: fa45f049807b4b4658e5e3b8ac8dea22e9d34fc12c947db5d23689723375dc57
• Opcode Fuzzy Hash: 2b984eb55d4475901035b574e47172ee16e081fb628804f5c909e8120298431a
• Instruction Fuzzy Hash: 75514A35A00215EFCB15DF64C885EA9BBF5FF49314F088498E849AB362DB35ED51CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00838F40
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00838FD0
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00838FEC
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00839032
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00839052
                                                                                                                                                                                                                                                                            • Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00821043,?,753CE610), ref: 007CF6E6
                                                                                                                                                                                                                                                                            • Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0080FA64,00000000,00000000,?,?,00821043,?,753CE610,?,0080FA64), ref: 007CF70D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00846C33
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 00846C4A
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00846C73
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0082AB79,00000000,00000000), ref: 00846C98
                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00846CC7
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 007C9141
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 007C915E
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000001), ref: 007C9183
                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000002), ref: 007C919D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetInputState.USER32 ref: 008238CB
                                                                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00823922
                                                                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0082394B
                                                                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00823955
                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CF38
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,00000000,?,?), ref: 0082CF6F
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFB4
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFC8
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFF2
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00811915
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000001,00000201,00000001), ref: 008119C1
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?), ref: 008119C9
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000001,00000202,00000000), ref: 008119DA
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?), ref: 008119E2
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00845745
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 0084579D
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008457AF
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008457BA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 763830540-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 007C98CC
                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 007C98D6
                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 007C98E9
                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 007C98F1
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 007C9952
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Color$LongModeObjectStockTextWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1860813098-0
                                                                                                                                                                                                                                                                          • Opcode ID: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
                                                                                                                                                                                                                                                                          • Instruction ID: 459d8688670ddd7a197c83ef38b021c48ac8ab32e0af3e4620f31a56cfac5fce
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA2147314462909FCBA24F34EC5CFE53FA4AF67321F09018EE6928B1E2D7396941CB10
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 00830951
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00830968
                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 008309A4
                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 008309B0
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000003), ref: 008309E8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                          • Opcode ID: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
                                                                                                                                                                                                                                                                          • Instruction ID: 0aeea945fbd0d7a8874ef899441b9a99aabc184ccc356da6eecc438e4b021767
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0219239A00214AFD714EF68D848AAEBBE9FF49700F04806DE846D7362CB74AD44CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 007ECDC6
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007ECDE9
                                                                                                                                                                                                                                                                            • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007ECE0F
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ECE22
                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007ECE31
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 336800556-0
                                                                                                                                                                                                                                                                          • Opcode ID: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
                                                                                                                                                                                                                                                                          • Instruction ID: 3f4d337ff001e79b0e2f16a6c807ff4035643e2d2ce196f07aea564aa84c5f84
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E01847A6032957F23261ABB6C8DD7B796DEECBBA1315012DF905D7201EA698D0381B0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 007C96A2
                                                                                                                                                                                                                                                                          • BeginPath.GDI32(?), ref: 007C96B9
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 007C96E2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                          • Opcode ID: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
                                                                                                                                                                                                                                                                          • Instruction ID: 1c4e9ed553ffd97d0fef64e10dfb18dad075f3b0158eb04e6aff39dba5337549
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58215B30802305EBDF519F68EC1CBA97FACBB51765F50421EF910A61F0DB78A892CB94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _memcmp
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                          • Opcode ID: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
                                                                                                                                                                                                                                                                          • Instruction ID: 25413c5e84caaaa0e60dcf7b542649df44b55df32e25dd2d924a241bb88e8c26
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 550192A564161DFAE20855109D83EFA635CFFA13A8B404425FE14DA382F664ED9086A0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6), ref: 007E2DFD
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2E32
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2E59
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E66
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E6F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                          • Opcode ID: df45c3b02200e14756d5238aba1600b52b08895b55219034174a70bf49f27482
                                                                                                                                                                                                                                                                          • Instruction ID: 521cf5eebcaeb6d580a6a3d346326abb610d3a6f98020daf690945c2b78d19fc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df45c3b02200e14756d5238aba1600b52b08895b55219034174a70bf49f27482
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3001F436207690A7C61227776C4ED2B265DBBCE7A5B214028F425E32A3EA2CCC034520
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
                                                                                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064
                                                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810070
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                          • Opcode ID: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
                                                                                                                                                                                                                                                                          • Instruction ID: 64bdcb67ccf686346d9b879e84e4b9dc447b9c5ab1003b6c487e764d4845096f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE018F7A601608BFDB504F68DC04BEA7AADFF48791F144124F905D2211E7B1DE80CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0081E997
                                                                                                                                                                                                                                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 0081E9A5
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0081E9AD
                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0081E9B7
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 0081E9F3
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
                                                                                                                                                                                                                                                                          • Instruction ID: edec36c4912ebf244bc602849d9cdb259264adeb50844a12292837b97211c565
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9201203580262DDBCF40ABA4D849AEDBF7CFF0A700F000546E902B2241DB309690CBA2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
                                                                                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 842720411-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002
                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820324
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820331
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082033E
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082034B
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820358
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820365
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED752
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED764
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED776
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED788
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007ED79A
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00815C58
                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 00815C6F
                                                                                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 00815C87
                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,0000040A), ref: 00815CA3
                                                                                                                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00815CBD
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                          • Opcode ID: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
                                                                                                                                                                                                                                                                          • Instruction ID: 627e3dc209650ed2377011df1c5101c19bfdd2a64e2d2a11bb0c088bb66bd2da
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6016D74501B04EBEB205F50DD5EFE677BCFF51B05F010559A692A10E1DBF4AA84CA90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E22BE
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                                                                                                                                                                                                                            • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E22D0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E22E3
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E22F4
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E2305
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
                                                                                                                                                                                                                                                                          • Instruction ID: cd97b96eb10b8c821550071798ada21c1691fc384d3c32d3a7ed59b2041cd924
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CF030714021548B8A22AF59BC0A8083B6CFB1C760702551AF514E72B7CB3854539FA5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 007C95D4
                                                                                                                                                                                                                                                                          • StrokeAndFillPath.GDI32(?,?,008071F7,00000000,?,?,?), ref: 007C95F0
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 007C9603
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32 ref: 007C9616
                                                                                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 007C9631
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
                                                                                                                                                                                                                                                                          • Instruction ID: 1e9463c47b0783279e18cc86912bea91b78c9048441a6df0216494a48cf85610
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7F04934006A08EBDFA65F69ED1CBA43F69BB02322F448218F525650F0DB3499A2DF20
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __freea$_free
                                                                                                                                                                                                                                                                          • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                          • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                          • Opcode ID: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
                                                                                                                                                                                                                                                                          • Instruction ID: 3db4e4a99945eb99a5924fc0ee9c9661e8a8a4c076818f38f0d67e60aeb86a7a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DD11771A02285CACB249F6AC85BBFEB7B5FF0E300FA44159E6019B654D37D9D80CB91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007D0242: EnterCriticalSection.KERNEL32(0088070C,00881884,?,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D024D
                                                                                                                                                                                                                                                                            • Part of subcall function 007D0242: LeaveCriticalSection.KERNEL32(0088070C,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D028A
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9
                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00837BFB
                                                                                                                                                                                                                                                                            • Part of subcall function 007D01F8: EnterCriticalSection.KERNEL32(0088070C,?,?,007C8747,00882514), ref: 007D0202
                                                                                                                                                                                                                                                                            • Part of subcall function 007D01F8: LeaveCriticalSection.KERNEL32(0088070C,?,007C8747,00882514), ref: 007D0235
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                          • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                          • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: JO{
                                                                                                                                                                                                                                                                          • API String ID: 0-846867066
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 007E8B6E
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 007E8B7A
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007E8B81
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                                          • String ID: .}
                                                                                                                                                                                                                                                                          • API String ID: 2434981716-2266125135
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0081B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121D0,?,?,00000034,00000800,?,00000034), ref: 0081B42D
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00812760
                                                                                                                                                                                                                                                                            • Part of subcall function 0081B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0081B3F8
                                                                                                                                                                                                                                                                            • Part of subcall function 0081B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0081B355
                                                                                                                                                                                                                                                                            • Part of subcall function 0081B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B365
                                                                                                                                                                                                                                                                            • Part of subcall function 0081B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B37B
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008127CD
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0081281A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                          • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 007E1769
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E1834
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007E183E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                          • API String ID: 2506810119-1957095476
                                                                                                                                                                                                                                                                          • Opcode ID: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
                                                                                                                                                                                                                                                                          • Instruction ID: a0fd80694d2f3a71f29ce4c1abd4ed44b8140ca84823a14b1729bd03d08485c0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9931C271A01298EFCB21DB9A9C8AD9EBBFCEF89720B504166F404D7211D7749E41CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0081C306
                                                                                                                                                                                                                                                                          • DeleteMenu.USER32(?,00000007,00000000), ref: 0081C34C
                                                                                                                                                                                                                                                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00881990,01535380), ref: 0081C395
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: c313f3190f4823057509d40e889098223ec995e6ca8d8f40c877ca769163f721
                                                                                                                                                                                                                                                                          • Instruction ID: 4a42474d967ae21da25cfcc707abacc5cb04267dab61fcf0dce14183c7c1ebaa
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c313f3190f4823057509d40e889098223ec995e6ca8d8f40c877ca769163f721
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5341AD312443019FD724DF29D884B9ABBE8FF85324F008A1EF9A5D7391D730A985CB62
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0084CC08,00000000,?,?,?,?), ref: 008444AA
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32 ref: 008444C7
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 008444D7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Long
                                                                                                                                                                                                                                                                          • String ID: SysTreeView32
                                                                                                                                                                                                                                                                          • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                          • Opcode ID: 52808132590bf9e2a57b25bb5eced0ced1c14ba158a16bd354e300b9e096eed3
                                                                                                                                                                                                                                                                          • Instruction ID: 678c2a2f8208d07a7f7510120fe2889aac02b48f39ad2e0540155f51894a3524
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52808132590bf9e2a57b25bb5eced0ced1c14ba158a16bd354e300b9e096eed3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7319C32201209ABDF209E38DC45BEA7BA9FB08334F219329F979E21D0D774EC509B50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0083335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00833077,?,?), ref: 00833378
                                                                                                                                                                                                                                                                          • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083309B
                                                                                                                                                                                                                                                                          • htons.WSOCK32(00000000,?,?,00000000), ref: 00833106
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                          • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                          • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                          • Opcode ID: 43439361629196dba8ee1a38035ea421ab47a523dacf2b87cfc29215e0f4e42c
                                                                                                                                                                                                                                                                          • Instruction ID: 1c35f26416379ed4bb949ce7da4d8c9fa5caf21feb0274e9bbfe3d4d2330df1b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43439361629196dba8ee1a38035ea421ab47a523dacf2b87cfc29215e0f4e42c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4031B039604605DFCB24CF68C595AAA77E0FF94318F248059E915CB3A2DB72EE45C7A0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00843F40
                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00843F54
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00843F78
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                          • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                          • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                          • Opcode ID: 85439976975d445f7486fb9a8b411f8c13875e0c0f436af981f40ef5680dba5f
                                                                                                                                                                                                                                                                          • Instruction ID: 44d0af4b02267bb7c0b32a61af1e5b3b1c41195c778b067b962fa4f5c5e83f2d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85439976975d445f7486fb9a8b411f8c13875e0c0f436af981f40ef5680dba5f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2321BC32600219BBDF219F94DC46FEA3B79FF48728F110214FE15AB1D0DAB5A854CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00844705
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00844713
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0084471A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                          • String ID: msctls_updown32
                                                                                                                                                                                                                                                                          • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                          • Opcode ID: 1665c2315baae876d40db1625875509403ae9e949d2281dab25a0b37a9c37495
                                                                                                                                                                                                                                                                          • Instruction ID: a576bc07c0e531e035fb7637e39ad36ca8bf837efffc3141a1335f1b97ab0764
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1665c2315baae876d40db1625875509403ae9e949d2281dab25a0b37a9c37495
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93214CB560020DAFEB10DF68DC85EA737ADFB5A394B050059FA15DB351CB34EC12CA60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                          • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                          • Opcode ID: 82b2bc4142944ed2496f4d944823270937b1d51264a430e921d53c122f974ed4
                                                                                                                                                                                                                                                                          • Instruction ID: c6fd24059aa02734bf3c7c14bc548ab0e3f2c20839342834fe7621f9b4ea49f3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82b2bc4142944ed2496f4d944823270937b1d51264a430e921d53c122f974ed4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74215B32104514A6D331AB24DC26FF773EDFFA1314F50402AF99AE7142EB59ADC1C2A5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00843840
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00843850
                                                                                                                                                                                                                                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00843876
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                          • String ID: Listbox
                                                                                                                                                                                                                                                                          • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                          • Opcode ID: f29e4770825a1aaa6f1549ae238ac7c92cf446dcfe312e45bf2ceb6e67f85814
                                                                                                                                                                                                                                                                          • Instruction ID: 2ca54342396679de7e0696ffc64cd80124c3b7fb04e23d79aa855f5d3a1e9d10
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f29e4770825a1aaa6f1549ae238ac7c92cf446dcfe312e45bf2ceb6e67f85814
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C21BE7260021CBBEF219F54CC85FAB7B6EFF89764F108124F9449B190CA75DC5287A0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00824A08
                                                                                                                                                                                                                                                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00824A5C
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,0084CC08), ref: 00824AD0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                          • String ID: %lu
                                                                                                                                                                                                                                                                          • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                          • Opcode ID: 230fdffe052b330e5cb6c6c4761f7ac9f27bea84096d0347f6a16eb042cc4470
                                                                                                                                                                                                                                                                          • Instruction ID: a5bb1de06864e3dba977b6e363c4ab67559932025201e3dba44c93468f5fd2ec
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 230fdffe052b330e5cb6c6c4761f7ac9f27bea84096d0347f6a16eb042cc4470
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F313E75A00219EFDB10DF64C885EAA7BF8FF09308F1480A9E909DB252D775EE45CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0084424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00844264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00844271
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
APIs
  • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
  • Part of subcall function 00812DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
  • Part of subcall function 00812DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
  • Part of subcall function 00812DA7: GetCurrentThreadId.KERNEL32 ref: 00812DDD
  • Part of subcall function 00812DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4
• GetFocus.USER32 ref: 00812F78
  • Part of subcall function 00812DEE: GetParent.USER32(00000000), ref: 00812DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00812FC3
• EnumChildWindows.USER32(?,0081303B), ref: 00812FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458EE
• DrawMenuBar.USER32(?), ref: 008458FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
APIs
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
                                                                                                                                                                                                                                                                          • Opcode ID: 75b7353d982eb1e510f8e53a2ef54d8a8db8d23973a5207a08eea0dae982b883
                                                                                                                                                                                                                                                                          • Instruction ID: 92ce67a49cefdf139c223b5cde8093c237f6fd10137c43dda0d27d38cd258d19
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75b7353d982eb1e510f8e53a2ef54d8a8db8d23973a5207a08eea0dae982b883
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23A10575604200DFC714DF28C58AA6AB7E5FF89714F048859F98ADB362DB34EE41CB92
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 008105F0
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 00810608
                                                                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,00000000,0084CC40,000000FF,?,00000000,00000800,00000000,?,0084FC08,?), ref: 0081062D
                                                                                                                                                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 0081064E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 314563124-0
                                                                                                                                                                                                                                                                          • Opcode ID: c65a2eaed473acbcabbf1b14353dca9d19b167a6e3a89d09569248e735c725f5
                                                                                                                                                                                                                                                                          • Instruction ID: 6dc64e35e544a9c4072dd6513a524f173a7db8d840d7a988e65c304a5456cd02
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c65a2eaed473acbcabbf1b14353dca9d19b167a6e3a89d09569248e735c725f5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2481B775A00209EFCB04DF94C984AEEB7B9FF89315F204558E516EB250DB71AE86CF60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0083A6AC
                                                                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 0083A6BA
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 0083A79C
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0083A7AB
                                                                                                                                                                                                                                                                            • Part of subcall function 007CCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,007F3303,?), ref: 007CCE8A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                          • Opcode ID: b836cd6ace204ea59cfb14b6be409f65f59ec5a4f58a017f2e7934811dbb0a88
                                                                                                                                                                                                                                                                          • Instruction ID: f8582203b07980ea2a3d63e398105691cbf7a9e247aae5b9f8a1441f5ff7c530
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b836cd6ace204ea59cfb14b6be409f65f59ec5a4f58a017f2e7934811dbb0a88
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E51F975508300AFD714EF24C88AAABBBE8FF89754F40892DF695D7251EB34D904CB92
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                          • Opcode ID: 32fa48d7415a19909b8190b49d30b651249d8c61a608c21a9ee576cc2183b6e4
                                                                                                                                                                                                                                                                          • Instruction ID: f3aa2bdd580eb7ddab53caec05328eafaf2aee629d84bff199b61a06b2966724
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32fa48d7415a19909b8190b49d30b651249d8c61a608c21a9ee576cc2183b6e4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C441313250018CEBDB256BFD9C496BE3AB4FF85370F544226F619D7392E63C48415671
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 008462E2
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00846315
                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00846382
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2828b9dcdc0ff39fcd2a647ef75036aed9943d27a0681dfa6a50cc024acf4ee1
                                                                                                                                                                                                                                                                          • Instruction ID: bb55c95fea430547b117a4c240ea1e73ca96b1ca5a051c331e0bd50b3f548383
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2828b9dcdc0ff39fcd2a647ef75036aed9943d27a0681dfa6a50cc024acf4ee1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A513A74A00249EFCF14DF68D884AAE7BB5FB46364F108259F815DB290E770ED91CB51
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011), ref: 00831AFD
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00831B0B
                                                                                                                                                                                                                                                                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00831B8A
                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00831B94
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00825783
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 008257A9
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008257CE
                                                                                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008257FA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,007D6D71,00000000,00000000,007D82D9,?,007D82D9,?,00000001,007D6D71,?,00000001,007D82D9,007D82D9), ref: 007ED910
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007ED999
                                                                                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007ED9AB
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 007ED9B4
                                                                                                                                                                                                                                                                            • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00845352
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00845375
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00845382
                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008453A8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                          • Opcode ID: e62ed31fd5d1e050d23eba2cf42c4e8730d469434b17556289a5c05035504dc3
                                                                                                                                                                                                                                                                          • Instruction ID: 1155d0d8da569597d5be3e2e3f786d0f05c4c3c0c44215608415496398a0ba32
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e62ed31fd5d1e050d23eba2cf42c4e8730d469434b17556289a5c05035504dc3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7319E34A55A0CEFEB209E14CC19BED77A5FB06394F584145FA11D63E2C7B49D40DB41
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0081ABF1
                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 0081AC0D
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000101,00000000), ref: 0081AC74
                                                                                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0081ACC6
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                                                                                                                                          • Opcode ID: 32992018e734a913a8e53b8ba64cb2e32f1250e21b4bcc7aea413c9b6f1279a0
                                                                                                                                                                                                                                                                          • Instruction ID: 6f33f02a91c2618ca841ad655a6c3c4291f9daa839fc37c28b1edfc861fe1440
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32992018e734a913a8e53b8ba64cb2e32f1250e21b4bcc7aea413c9b6f1279a0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E31F270A02618AFEB39CB69C8047FA7BAEFF89310F04421AE485D22D1D37589C587D2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0084769A
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00847710
                                                                                                                                                                                                                                                                          • PtInRect.USER32(?,?,00848B89), ref: 00847720
                                                                                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 0084778C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                          • Opcode ID: ee4ace036fc9b6b76380c39d2c90543b1b0013ae8466de1f196d4961695f139d
                                                                                                                                                                                                                                                                          • Instruction ID: 2192f2049da4cba4b1fbd9aed070848eecea182820d74dfd39f7364943461e58
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee4ace036fc9b6b76380c39d2c90543b1b0013ae8466de1f196d4961695f139d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F41A038605259DFDB11CF58C898EA9BBF9FF49314F9680A9E414DB261C730E942CF90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 008416EB
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
                                                                                                                                                                                                                                                                            • Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65
                                                                                                                                                                                                                                                                          • GetCaretPos.USER32(?), ref: 008416FF
                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(00000000,?), ref: 0084174C
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00841752
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                          • Opcode ID: a91f512321ac22e7cbdf84f4e58311c564d3f0978e94eedf9e6c75f0ef576d72
                                                                                                                                                                                                                                                                          • Instruction ID: 0b8d8c4da40f51820a425779c94815b291c13322725b086a4ab5455a2d8e6567
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a91f512321ac22e7cbdf84f4e58311c564d3f0978e94eedf9e6c75f0ef576d72
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28313D75D00149AFCB04EFA9C8859EEBBFDFF48304B5480AAE415E7211D6359E45CBA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0081DFCB
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0081DFE2
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0081E00D
                                                                                                                                                                                                                                                                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0081E018
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00849001
                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00807711,?,?,?,?,?), ref: 00849016
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 0084905E
                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00807711,?,?,?), ref: 00849094
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,0084CB68), ref: 0081D2FB
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0081D30A
                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 0081D319
                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0084CB68), ref: 0081D376
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
                                                                                                                                                                                                                                                                            • Part of subcall function 00811014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
                                                                                                                                                                                                                                                                            • Part of subcall function 00811014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
                                                                                                                                                                                                                                                                            • Part of subcall function 00811014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
                                                                                                                                                                                                                                                                            • Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062
                                                                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008115BE
                                                                                                                                                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 008115E1
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00811617
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0081161E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 0084280A
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842824
                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842832
                                                                                                                                                                                                                                                                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00842840
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2169480361-0
APIs
  • Part of subcall function 00818D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818D8C
  • Part of subcall function 00818D7D: lstrcpyW.KERNEL32(00000000,?,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00818DB2
  • Part of subcall function 00818D7D: lstrcmpiW.KERNEL32(00000000,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817923
• lstrcpyW.KERNEL32(00000000,?,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817984
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00847D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00847D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00847D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0082B7AD,00000000), ref: 00847D6B
  • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 008456BB
• _wcslen.LIBCMT ref: 008456CD
• _wcslen.LIBCMT ref: 008456D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00811A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A8A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0081E1FD
                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(?,?,?,?), ref: 0081E230
                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0081E246
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0081E24D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,?,007DCFF9,00000000,00000004,00000000), ref: 007DD218
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007DD224
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007DD22B
                                                                                                                                                                                                                                                                          • ResumeThread.KERNEL32(00000000), ref: 007DD249
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 173952441-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00849F31
                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00849F3B
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00849F46
                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00849F7A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 007B6060
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 007D3B56
                                                                                                                                                                                                                                                                            • Part of subcall function 007D3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007D3AD2
                                                                                                                                                                                                                                                                            • Part of subcall function 007D3AA3: ___AdjustPointer.LIBCMT ref: 007D3AED
                                                                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 007D3B6B
                                                                                                                                                                                                                                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007D3B7C
                                                                                                                                                                                                                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 007D3BA4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 737400349-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007B13C6,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue), ref: 007E30A5
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000,00000364,?,007E2E46), ref: 007E30B1
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000), ref: 007E30BF
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0081747F
                                                                                                                                                                                                                                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00817497
                                                                                                                                                                                                                                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008174AC
                                                                                                                                                                                                                                                                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008174CA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0C4
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0E9
                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0F3
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B126
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00847E33
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00847E4B
                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00847E6F
                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00847E8A
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00812DDD
                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
                                                                                                                                                                                                                                                                            • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2
                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00848887
                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,?,?), ref: 00848894
                                                                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 008488A4
                                                                                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 008488B2
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 007C98CC
                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 007C98D6
                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 007C98E9
                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 007C98F1
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 00811634
                                                                                                                                                                                                                                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081163B
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008111D9), ref: 00811648
                                                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081164F
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0080D858
                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0080D862
                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0080D8A3
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0080D86C
                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0080D876
                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0080D8A3
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                                                                                                                                                                                                                          • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00824ED4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                          • String ID: *$LPT
                                                                                                                                                                                                                                                                          • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 007DE30D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                          • String ID: pow
                                                                                                                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                          • Opcode ID: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
                                                                                                                                                                                                                                                                          • Instruction ID: d1aca00e533d87af2d3d85465686fa6d49425c17236073528bbe33e1683875b8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55517D61A0D24296CB1BB715CD453793BB8FB44741F34899AF0D54A3E9EF3C8C81DA46
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: #
                                                                                                                                                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                          • Opcode ID: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
                                                                                                                                                                                                                                                                          • Instruction ID: a0e0574afa566caabd0df11704e73db328291abee784368646056cd2d93df8d9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A513335601246DFDB25DF28C885BFA7BA8FF55310F24845DE891DB2C0DA389D42CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 007CF2A2
                                                                                                                                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 007CF2BB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                          • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                          • Opcode ID: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
                                                                                                                                                                                                                                                                          • Instruction ID: 3bde580d16c01c80ca60aa0703b44a4a87176a18361d47c7f36ffcf31841fa65
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26512472418744DBD320AF10D88ABABBBF8FB84300F85885DF199811A5EB748529CB67
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008357E0
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008357EC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                          • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                          • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                          • Opcode ID: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
                                                                                                                                                                                                                                                                          • Instruction ID: 9b4aa4ad0486f56b69684687b479536400e46f84f8c4f47c98e3771e86572609
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE417B71A00209DFCB14EFA9C8869AEBBB5FF99724F14406DE505E7291E7349D81CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0082D130
                                                                                                                                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0082D13A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                          • String ID: |
                                                                                                                                                                                                                                                                          • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                          • Opcode ID: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
                                                                                                                                                                                                                                                                          • Instruction ID: 90cb027f29bb1966fd41cade51f9b97d776b7f7d4da69dfbe65080a66a028a56
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA313D71D00219EBCF15EFA4DC89AEEBFB9FF04304F100019F915A61A2E735AA56CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?), ref: 00843621
                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0084365C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                          • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0084461F
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00844634
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                          • String ID: '
                                                                                                                                                                                                                                                                          • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0084327C
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00843287
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                          • String ID: Combobox
                                                                                                                                                                                                                                                                          • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
                                                                                                                                                                                                                                                                            • Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
                                                                                                                                                                                                                                                                            • Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A
                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0084377A
                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 00843794
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                          • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0082CD7D
                                                                                                                                                                                                                                                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0082CDA6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                          • String ID: <local>
                                                                                                                                                                                                                                                                          • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetWindowTextLengthW.USER32(00000000), ref: 008434AB
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008434BA
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                          • String ID: edit
                                                                                                                                                                                                                                                                          • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                          • Opcode ID: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
                                                                                                                                                                                                                                                                          • Instruction ID: 5ffc070907786c82c05a7ef23b8bbafb895468806aa7979e660796b310a58703
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E118C7120020CABEB129E68DC44AEB3B6EFB25378F504324FA65D31E0C775DD519B68
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 00816CB6
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00816CC2
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                          • String ID: STOP
                                                                                                                                                                                                                                                                          • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                          • Opcode ID: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
                                                                                                                                                                                                                                                                          • Instruction ID: fe1d592cee2147167a732a5a081b95cd2af626aef173e5642108d64bb8716bb8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2001C832A005268BCB209FBDDC859FF77B9FF617147500524E9A2D6194FB35D990C690
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00811D4C
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                          • Opcode ID: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
                                                                                                                                                                                                                                                                          • Instruction ID: 355a8ff5885acc09cf363920a7c1f8545435a2eda2ff57a6f7f2e6c743d8a9b7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E01D875601218AB8F04EBA4DC59DFE776CFF56350B140519FA36A73C1EA345948C660
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00811C46
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                          • Opcode ID: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
                                                                                                                                                                                                                                                                          • Instruction ID: 3dbd65f795c5e87bdaf3cc0415f2a458daab8c1434daee9773a16fab64a6404e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24016775781108A7CF14EBA4C959AFFB7ACFF15340F140019BA27B7281EA649E48D6F1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                                                                                                                                                                                                                            • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00811CC8
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
APIs
  • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
  • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00811DD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00810B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 007CF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007D0D71,?,?,?,007B100A), ref: 007CF7CE
• IsDebuggerPresent.KERNEL32(?,?,?,007B100A), ref: 007D0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007B100A), ref: 007D0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007D0D7F
Memory Dump Source
• Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0082302F
                                                                                                                                                                                                                                                                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00823044
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                          • String ID: aut
                                                                                                                                                                                                                                                                          • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                          • Opcode ID: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
                                                                                                                                                                                                                                                                          • Instruction ID: e81a3babe13f0b0b7251f081ce54f30b2f972fbd36cee2666586f44e4729a2d9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98D05E7650133867DA60A7A4AC4EFCB7B6CEB05750F0002A1B655E2091EAF4D984CAD4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                                                                                                          • String ID: %.3d$X64
                                                                                                                                                                                                                                                                          • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                          • Opcode ID: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
                                                                                                                                                                                                                                                                          • Instruction ID: df0cb18d1ddec9aa742374055d307fbc4bcf8584641ed9bd7d9ab1f796f90e1b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BD012A180931CEACBD096E0CC49DB9B37CFB18305F508466F80AD1080D768E948AB61
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084232C
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0084233F
                                                                                                                                                                                                                                                                            • Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                          • Opcode ID: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
                                                                                                                                                                                                                                                                          • Instruction ID: 936b23977f1e719fe3cf86902c85832c08ded0b433b843a78ac64a7cf2d884d5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20D0A93A381300B6E2E8A7309C0FFCA6A18BB00B00F018A06770AEA1D0C8A4A801CA00
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084236C
                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000), ref: 00842373
                                                                                                                                                                                                                                                                            • Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                          • Opcode ID: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
                                                                                                                                                                                                                                                                          • Instruction ID: 2d36e448977bbaa1e62ed39db9f3ddd06f4e3404d43831596448da2c508375ae
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6D0A9363823007AE2E8A7309C0FFCA6A18BB01B00F018A06770AEA1D0C8A4A801CA04
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 007EBE93
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007EBEA1
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007EBEFC
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1867835220.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867802511.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1867952254.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868055567.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1868114818.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1717984340-0